A coordinated hack attack happened on Reddit a few days ago. The hackers have reportedly posted messages or changed subreddit design in support of President Donald Trump.
The attack seemed to target high-profile subreddits just like the twitter hack that happened last month when twitter accounts of high-profile personalities were hacked, and tweets were made from the compromised accounts. The company immediately appointed the admins to handle the matter, and many subs were reverted to normal with immediate effect.
The authorities reported that the attack took place via compromised accounts. However, matters are not clear about the technique employed to compromise the accounts. Some experts claim that the attack seems to be the work of coordinated phishing campaigns. When such tricks work and legitimate credentials are stolen, hackers use it to gain access to the organization’s private network. This access is then further exploited to create accounts with privileged controls, which are very difficult to trace.
In its official statement, Reddit has urged the users to enable two-factor authentication stating that it might not ensure complete safety but is still an important step. It has also urged the users to report any unusual activity to the authorities and change their passwords for the sake of security. A list of the compromised subreddits has also been shared.
The authorities have also claimed that none of the compromised accounts had enabled two-factor authentication, but this statement receives opposition from the people, especially the tech community. Arguments are being made about the insecurity of the SMS factor in the two-step verification process. The SMS authentication leaves the people vulnerable to such attacks as techniques such as SIM swapping are prominently used to carry on such frauds.
Platforms like Reddit, Twitter, etc. are more prone to such attacks because they provide a public platform for people to voice their views and opinions. The security measures are a little challenging to implement, especially on Reddit, given the condition that the volunteers run popular subreddits.
The attack could have been massive, but the timely implementation of the right measures has taken control of the situation. However, this is not the first time Reddit has been attacked. In 2017, a major attack happened on Reddit, and loads of data were stolen, including user emails, source code, internal files, and many more. The attack prompted severe questions on the security measures of the company. After the incident, Reddit introduced the concept of two-factor authentication for better security.
Even after its implementation, the measure does not seem to be working. The law enforcement agencies and the company itself are looking into the matter. Investigations are ongoing, but these investigations are efficient only if proper mitigation efforts are implemented by those accountable.