Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals
Photo of a guy with two thumbs down

Photo by Harris & Ewing


Reddit Announces Account Data Breach

Social news site Reddit has announced that an attacker accessed some of its user data in June 2018. The breach isn’t severe, as the account data stemmed from the site’s earliest days, between 2005 and 2007, along with email digests sent in June 2018. Regardless, if you’re a Reddit user and aren’t certain that you’ve changed your password in the last decade, you should do so and enable two-factor authentication. Reddit also recommends deleting anything you’ve posted to Reddit that you may not want associated with your email address.

The larger lesson is to avoid two-factor authentication systems that rely on SMS messages, since the breach of the Reddit employee accounts was facilitated by an SMS intercept. Instead, use systems that rely on an authentication app, like 1Password, Authy, or Google Authenticator.

Read original article

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 28 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About Reddit Announces Account Data Breach

Notable Replies

  1. I haven’t been able to enable two-factor authentication using the provided instructions. I’m using Safari. Any reason to think another browser might be required? When I logged into my account as the first step, I was prompted to add my email address. Although the process seemed to indicate that my email had been successfully added, clicking the enable two-factor link continues to inform me that I must add a verified email address. A button for verifying email is displayed in the same pop-up window, but when I click it, the window disappears and nothing else happens. If feels like a pop-up window problem, but I don’t have pop-ups disabled, and the first one certainly appeared without a problem. I’ve tried quitting the browser and starting again without success.

  2. I was able to create 2fa on reddit yesterday using Safari, so it’s not anything to do with the browser.

  3. Thanks. I was eventually able to find another widget at the site that let me verify my email address and proceed with enabling two-factor authentication, but I’m not sure I want to install a separate mobile app just to authenticate at reddit.

  4. I have 2FA using an Authenticator app for Google accounts, Facebook, Twitter, Amazon, Microsoft, Dropbox, Backblaze, and Protonmail (thinking of switching from Gmail; not so sure yet.) Anywhere I can get 2FA, I get it. I want that one last bit of protection from somebody stealing an account.

Join the discussion in the TidBITS Discourse forum