Photo by Harris & Ewing
Social news site Reddit has announced that an attacker accessed some of its user data in June 2018. The breach isn’t severe, as the account data stemmed from the site’s earliest days, between 2005 and 2007, along with email digests sent in June 2018. Regardless, if you’re a Reddit user and aren’t certain that you’ve changed your password in the last decade, you should do so and enable two-factor authentication. Reddit also recommends deleting anything you’ve posted to Reddit that you may not want associated with your email address.
The larger lesson is to avoid two-factor authentication systems that rely on SMS messages, since the breach of the Reddit employee accounts was facilitated by an SMS intercept. Instead, use systems that rely on an authentication app, like 1Password, Authy, or Google Authenticator.