If you receive an emailed daily digest of content from Reddit, you might want to head over and take a peek at your account.
Specifically, you’ll want to change your password, change that password if you’ve used it on any other sites, and oh yeah, make sure you haven’t posted anything embarrassing to any discussion threads on Reddit under that email address.
Why? Because hackers broke the two-factor authentication that employees have to use when logging in. They were able to nab all the login credentials for anyone who registered with the site between its launch in 2005 and May 2007, as well as get the email addresses of everyone who subscribes to digests.
If you’re in any embarrassing, personal, political, or sexually themed subreddits, not only are previous public and private posts from the launch years now in the hands of hackers, but your more recent content is too if you’ve subscribed to digests. That could make for some interesting conversations if anyone uncovers your work email and sends your posts to your boss, or gains access to your email inbox and forwards these posts to your significant other.
A silver lining
Fortunately, the hackers are apparently not able to log in as you and post their own embarrassing content under your account, but that doesn’t mean there won’t be some ransom attempts along those lines. According to a post on the breach from Reddit, “Although this was a serious attack, the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs. They were not able to alter Reddit information, and we have taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.”
If you do have anything sensitive posted to Reddit that you wouldn’t want to share publicly with your name beside it, Reddit has provided a help link in their post that can walk you through how to get rid of it.