Reddit announced in a post today that it recently discovered a security incident where a hacker was able to gain access to some user data, including emails and hashed passwords from an old database.
Reddit shared that it learned about the security breach on June 19 and that the hacker had access to a couple of its systems between June 14-18. The good news is the database that was compromised was from 2007, and only had hashed passwords. Also, the hacker didn’t gain any write access to Reddit’s systems. However, a database with current Reddit user email addresses was also compromised.
The hacker was able to gain access to Reddit’s internal systems by using SMS intercept attacks on some of the company’s employees. Reddit is encouraging users to use token-based 2FA, and has a few steps to check if your account was involved. It is also messaging affected users directly about the incident.
As always with a situation like this, updating your password is best practice.