Take 10% OFF—Expires in h m s Use code save10u during checkout.

Claim Offer

International support numbers

USA
+1 (800) 405-2972Toll-free +1 (702) 979-7365Local/SMS
CAN
+1 (800) 597-3941Toll-free
AUS
+1 (800) 764-195Toll-free
GBR
+0 (808) 134-9867Toll-free
  Security Bulletin
 
 
 

Select network

 
 
 
 
 
 
 
Reddit breach - Ultius Security bulletin

Reddit Reports "Serious" Data Breach

Read about Reddit's security announcement and see if you were impacted.

Incident snapshot

Website/Service

Reddit  

Breach Date

June 2018

 
 

Announcement Date

August 1, 2018

 

Company Press Release

Via Reddit Blog  
 

Impacted Users

Unknown

 

Root Cause

Two-Factor Authentication Breach (SMS)

 
 

Data Compromised

  • Usernames
  • Email addresses
  • Public posts
  • Hashed passwords (?)
  • Private messages
 
 
 
 

2018 Reddit hack compromises the information of long-time users

On August 1, 2018, Reddit announced via their blog that a hacker comprised several employee accounts with cloud and source code providers. The attack took place over the course of four days between the 14th and 18th of June 2018.

Reddit describes the hack attack as “serious,” although the attacker reportedly only had read-only access and did not gain write access to the Reddit systems (it's still a cyber crime. This means the hacker was able to read the data in systems containing backup data, source code, and other logs. This is good news for Reddit, but not for their users whose data has been compromised.

What Reddit information was compromised

The hacker breached data from 2007 including account credentials and user emails. Luckily for early users, in its early years, Reddit had fewer features, so the breached data was mainly comprised of emails, passwords, usernames, and both public and private messages. The attacker made a complete copy of an old database containing personal information of old Reddit users from 2005 to 2007.

Newer Reddit users are not in the clear either. Logs containing “Reddit email digests” from June 3-17, 2018 were also breached. The Reddit email digests connect usernames to their respective email address and contain suggested subreddits. Redditors who had their email digests unchecked during the breach are unaffected.

If you’re unsure if your account has been compromised, check your inbox for an email from noreply@redditmail.com between June 3-17, 2018.

Reddit is working hard to fix their mistake

Soon after discovering the security incident, Reddit reported it to law enforcement, and they are currently cooperating with the investigation. Reddit recommends users to reset their passwords and were quick to send out password reset emails.

If your email address was compromised and you don’t want anything from your Reddit account to be traced back to that address, Reddit has set up a help page. Visit the Reddit help page to find instructions on how to remove information from your account.

Find out if you were impacted

To find out if your account was impacted, please visit haveibeenpwned.com and enter your email address. This tool will let you know if your email has been associated with any security breach, not just the one that happened with Reddit.

My account was impacted! What do I do?

If your account was impacted, please follow the steps provided.

Step 1: Change your Reddit password

Log into Reddit and update your password (if you have not already done that with their user emails)

 

When choosing a new password, make sure to follow these best practices:

Step 2: Set up security questions and two-factor authentication

While you're changing your Reddit password, we strongly recommend that you set up really strong and personal security questions as well as two-factor authentication (even though Reddit's TFA was compromised).

  • Security questions: Security questions are used to verify your account if unusual activity is detected. Make sure to store these in a safe place.
  • Two-Factor Authentication: Two step verification adds an additional layer of security to your account by prompting you to enter a code sent to your mobile device (through SMS or an authenticator application).
 

Once you have completed these steps, there are some other important things to do in order to stay secure.

Step 3: Change the passwords of any accounts that used that previous password

Any account that reused that password is also at risk. At the very least, make sure to change reused passwords for the following important account types:

  • Online banking
  • Social media sites like Facebook and Twitter
  • Google
  • Anything that involves payment data or social security numbers (PayPal, government sites)

Step 4: Change your Ultius account password

If you have an Ultius account, please follow the steps provided in our account security Knowledge Base article to change your password.

Now that you have secured your accounts and set up some additional security, keep reading to consider some other security considerations.

 
 
 

Other things you can do to protect your security

Yes, now is a great time to brush up on your security best practices. After all, we have previously written about online privacy and are familiar with the body of knowledge. Consider the options below:

  • Get a password manager. We recommend using Dashlane. We use it internally at Ultius and there is a free version available for consumers (like you)
  • Consider updating all of your passwords regularly, especially the ones that you have reused. Once every six months is a sufficient frequency
  • Consider changing your email account to one that has a stronger track record of security, such as Gmail by Google or Outlook by Microsoft
  • Consider setting up two-factor authentication on all of your important accounts (like online banking). This is an added layer of security that will help prevent unauthorized users from accessing your account without authentication from your phone
  • When logging into your email, make sure that your connection is encrypted. Look for HTTPS in the URL box of your browser. It should be in green and look like this
  • Never click strange links while reading emails. If you see a suspicious link, use scanURL to see if it's malicious

Lastly, don't forget to share this guide with your friends, family, and co-workers so that they can stay safe too. Ultius publishes updates to security incidents because customers who use our platform to connect with writers for trusted essay writing services (for sample use) like to be notified about information that my impact their account.

 

 

 

Company

Contact

Connect

Ultius is the trusted provider of content solutions for consumers around the world. Connect with great American writers and get 24/7 support.

Download Ultius for Android on the Google Play Store DMCA.com Protection Status

Ultius, Inc. 1201 N. Orange St. Ste 7038 New Castle County, Wilmington, DE 19801