• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
Restore Privacy

Restore Privacy

Resources to stay safe and secure online

  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact
  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact

Reddit Suffers a New Data Breach

August 3, 2018 By Sven Taylor — 10 Comments
stop using reddit

Reddit – the popular forum owned by the Condé Nast (Advanced Publications) media empire – was recently in the news for a data breach that exposed private user information.

While it’s difficult to determine exactly how many people are affected – mainly because Reddit is not revealing much information – they did publicly acknowledge a “serious” data breach that gives third parties direct access to sensitive user data:

All Reddit data from 2007 and before including account credentials and email addresses

What was accessed: A complete copy of an old database backup containing very early Reddit user data — from the site’s launch in 2005 through May 2007. In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashedpasswords), email addresses, and all content (mostly public, but also private messages) from way back then.

Email digests sent by Reddit in June 2018

What was accessed:Logs containing the email digests we sent between June 3 and June 17, 2018. The logs contain the digest emails themselves — they look like this. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.

If reddit discovered this hack all the way back in June, why did they wait until August to alert their users?

This situation also illustrates the vulnerabilities of two-factor authentication, as they revealed in their announcement:

Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept.

While 2FA isn’t a bad idea in many situations, it’s certainly no security silver bullet – as we’ve known for years. The admins at reddit should have known this – perhaps now they got the memo.

The second data breach mentioned, involving the email digests, is particularly concerning because it gives the hackers the account and user’s email address, thereby allowing them to link reddit users with real identities.

So the real question is how did this happen…

Perhaps someone inside reddit was paid to give access to the “hackers” – who knows. User data is very valuable, so that should not be ruled out.

Reddit privacy tips

Here are a few privacy tips, which could be applied to other platforms aside from reddit:

  1. Don’t use your real name on reddit or other social media.
  2. Don’t use your real email. On reddit, you can register with a completely fictitious email address – no email verification required. But if you still want to get email notifications, you can set up a free secure email account (such as with Tutanota or Mailfence) and use it as necessary for your reddit profile.
  3. Use unique and secure passwords. Don’t use the same password for different platforms. (Check out the best password managers.)
  4. Consider using 2FA (but keep in mind that two factor authentication – particularly 2FA SMS – has known vulnerabilities).
  5. Skip the surveys.
  6. Be careful about revealing private information, such as employer, locations, and anything else that someone could use to track you down.
  7. Remember that there are many ways to identify you online – whether it is on reddit or anywhere else. This illustrates the need for using privacy tools, such as a secure browser, advertisement/tracking blockers, a good VPN to encrypt and anonymize your internet traffic, and more. You can also find lots of opinions on the best VPN according to Reddit.

Of course, the precautions you take should correspond to your threat level. But as this recent hack shows, your data could end up in someone else’s hands.

With the latest example, reddit claimed it was also related to one of their partners, since the hack was carried out on “employees’ accounts with our cloud and source code hosting providers.”

Issues with Reddit

Reddit was an interesting and innovative platform back in the early days, but the creators quickly sold out to the Condé Nast media empire in 2006. Twelve years later, Reddit is now just another corporate, censored, privacy-abusing web platform.

This latest data breach is just another example illustrating why reddit needs to die. They have put their users’ privacy and security at risk and deliberately withheld this information after the hack.

And if you need some more reasons to say goodbye to reddit, here you go:

1. Reddit is heavily censored.

Reddit in 2018 is a joke. Many subs are censored and moderated by heavy-handed mods who will remove anything on a whim.

2. Reddit does not respect your privacy.

The latest case shows that clearly. To further illustrate this issue, reddit removed its surveillance warrant canary in 2016. As reported by Reuters, this suggests that reddit “is now being asked to hand over customer data” to various authorities and agencies.

3. Reddit has a distinct bias.

Many subs have been censored and shutdown for various reasons, upsetting long-time reddit users. This seems to be getting worse.

reddit shut down

4. Reddit is boring.

Just like Facebook, Twitter, and other giant, censored media platforms, reddit has become stale and boring in 2018.

Aside from the free speech issues, the privacy violations are arguably the biggest reasons to leave reddit now.

If you are ready to consider other platforms, here are some reddit alternatives:

  1. Hacker News
  2. Steemit
  3. Raddle
  4. Voten

Time to jump ship.

About Sven Taylor

Sven Taylor is the lead editor and founder of Restore Privacy, a digital privacy advocacy group. With a passion for digital privacy and accessible information, he created RestorePrivacy to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics.

Reader Interactions

Comments

  1. glix

    November 9, 2022

    May I also suggest Lemmy?
    [https://join-lemmy.org/]

    Reply
  2. glix

    June 15, 2022

    https://libreddit.spike.codes/

    Reply
  3. Sister EDI

    December 29, 2021

    Since they don’t offer payment by crypto you are trackable to true self by you payment details in any case. Hence I don’t believe they care all that much about privacy.

    Reply
  4. Mark William

    December 28, 2021

    I’m a small business owner and checked out Reddit. Suddenly I was trolled by a user who I can’t locate. Reddit won’t do anything about it, and inferred it was my fault for getting upset about being libeled, so I deleted/deactivated account. What a bizarre rabbit hole that innocent search turned into. Be careful, and follow the advice they’ve listed above. use a fake name, email, and don’t give anything about your business out. Beware

    Reply
  5. another false name

    November 24, 2021

    or you could do as most of us do, use a stupid false name, a fake disposable email account and thats it.

    Reply
  6. Julie

    December 27, 2020

    I recently discovered pushshift.io which is a reddit user who scrapes the entirety of reddit (sub, author, post title, post, date….etc) including PRIVATE subs. The worst thing he’s able to do is retrieve ALL (agoing back all years) of your deleted comments which baffles me. He launched a site where you can enter a user name and retrieve all their deleted comments and posts. That was the end for me.

    Reply
    • Johnny

      March 27, 2021

      Thanks for the heads up with pushshift.io, that’s pretty interesting…Not that anything is truly deleted or private on any social media site.

      I stopped using reddit a couple years back myself, but noticed that the quality of the users and content has dropped slowly over the years as it became more known and popular. Perhaps some super niche topics like /r/vim are still useful but I’ll keep it to lurking occasional search engine results, if they happen to be useful. But my days of contributing are over for good.

      It’s also easy-to-manipulate site, in addition to being designed for groupthink with its upvote system. No one really upvotes or downvotes posts/comments that add to the discussion, just simply whether or not they like or dislike it.

      And I’m guessing that the Tencent investment awhile back has an outsized impact especially regarding the CCP. Heck, the CEO, Steve Huffman, edited user posts back in 2016 on The_Donald subreddit–a site that’s supposed to dedicated to free speech!

      I’d say the site probably jumped the shark prior to 2012-2013, if I’m being honest.

      Reply
  7. Will Wheaton

    November 24, 2020

    https://www.reddit.com/r/TOR/comments/jvrty6/lies_everywhere/

    They talked about you here.
    And yes, nord and express vpn are well lets say too many advertisements about them, its getting too much even if they are as good as they claimed.
    Also, i read somewhere ,i forgot now that nord vpn office i think secretly moved to #murica, so yeah.

    Reply
    • Sven Taylor

      November 24, 2020

      Like I said in my Tor article, Tor followers will scream “FUD” or whatever, but they can never deny the facts or prove any of my claims wrong. They can only whine and hang out on reddit with like-minded sheep. Tor is like a cult, and reddit is an echo chamber of Group Think for these types.

      Reply
  8. Mr.Gy

    October 26, 2020

    PSA: VOAT is mainly alt-right (read: not conservative, not right aligned, but extreme alt-right). Not judging anyone for browsing it, just know that if your a normal person you might not enjoy it

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar

Digital Privacy Essentials:
Secure Browsers
Private Search Engines
Secure Email
Best Password Managers
Secure Messaging Services
Best Ad Blockers
Best VPN Services
Secure Cloud Storage

Privacy & Security Guides:
Privacy Tools
Alternatives to Google Products
Firefox Privacy Modifications
Five Eyes, 9 Eyes, 14 Eyes Spying
Browser Fingerprinting
Is Tor Safe?
Alternatives to Gmail
VPN vs Tor
Alternatives to WhatsApp
Is Your Antivirus Spying on You?
Controlling Communication Channels is Crucial for Privacy
Anonymity Networks: VPNs, Tor, and I2P
How to Really Be Anonymous Online
Private and Anonymous Payments

Secure Email Reviews:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Temporary Email Services
Encrypted Email

Password Manager Reviews:
Bitwarden Review
LastPass Review
KeePass Review
NordPass Review
Dashlane Review
1Password Review
Best Password Managers

Secure Messaging App Reviews:
Wire Review
Signal Review
Threema Review
Telegram Review
Session Review
Wickr Review

Secure Cloud Storage Reviews
Tresorit Review
MEGA Cloud Review
Sync.com Review
Nextcloud Review
IDrive Review
pCloud Review
SpiderOak Review
NordLocker Review

How To Guides
How to Encrypt Files on Windows
How to Encrypt Email
How to Configure Windows 10 for Privacy
How to use Two-Factor Authentication (2FA)
How to Secure Your Android Device for Privacy
How to Secure Your Home Network
How to Protect Yourself Against Identity Theft
How to Unblock Websites
How to Fix WebRTC Leaks
How to Test Your VPN
How to Hide Your IP Address
How to Create Strong Passwords
How to Really Be Anonymous Online

About RestorePrivacy

Contact

Restore Privacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN (68% Off Coupon) or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Brave
  7. Password manager: NordPass or Bitwarden

About

Restore Privacy is a digital privacy advocacy group committed to helping people stay safe and secure online. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

We’re available for Press and media inquiries here.

Restore Privacy is also on Twitter

COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP