Reddit – the popular forum owned by the Condé Nast (Advanced Publications) media empire – was recently in the news for a data breach that exposed private user information.
While it’s difficult to determine exactly how many people are affected – mainly because Reddit is not revealing much information – they did publicly acknowledge a “serious” data breach that gives third parties direct access to sensitive user data:
All Reddit data from 2007 and before including account credentials and email addresses
What was accessed: A complete copy of an old database backup containing very early Reddit user data — from the site’s launch in 2005 through May 2007. In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashedpasswords), email addresses, and all content (mostly public, but also private messages) from way back then.
Email digests sent by Reddit in June 2018
What was accessed:Logs containing the email digests we sent between June 3 and June 17, 2018. The logs contain the digest emails themselves — they look like this. The digests connect a username to the associated email address and contain suggested posts from select popular and safe-for-work subreddits you subscribe to.
If reddit discovered this hack all the way back in June, why did they wait until August to alert their users?
This situation also illustrates the vulnerabilities of two-factor authentication, as they revealed in their announcement:
Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept.
While 2FA isn’t a bad idea in many situations, it’s certainly no security silver bullet – as we’ve known for years. The admins at reddit should have known this – perhaps now they got the memo.
The second data breach mentioned, involving the email digests, is particularly concerning because it gives the hackers the account and user’s email address, thereby allowing them to link reddit users with real identities.
So the real question is how did this happen…
Perhaps someone inside reddit was paid to give access to the “hackers” – who knows. User data is very valuable, so that should not be ruled out.
Reddit privacy tips
Here are a few privacy tips, which could be applied to other platforms aside from reddit:
- Don’t use your real name on reddit or other social media.
- Don’t use your real email. On reddit, you can register with a completely fictitious email address – no email verification required. But if you still want to get email notifications, you can set up a free secure email account (such as with Tutanota or Mailfence) and use it as necessary for your reddit profile.
- Use unique and secure passwords. Don’t use the same password for different platforms. (Check out the best password managers.)
- Consider using 2FA (but keep in mind that two factor authentication – particularly 2FA SMS – has known vulnerabilities).
- Skip the surveys.
- Be careful about revealing private information, such as employer, locations, and anything else that someone could use to track you down.
- Remember that there are many ways to identify you online – whether it is on reddit or anywhere else. This illustrates the need for using privacy tools, such as a secure browser, advertisement/tracking blockers, a good VPN to encrypt and anonymize your internet traffic, and more.
Of course, the precautions you take should correspond to your threat level. But as this recent hack shows, your data could end up in someone else’s hands.
With the latest example, reddit claimed it was also related to one of their partners, since the hack was carried out on “employees’ accounts with our cloud and source code hosting providers.”
Why Reddit needs to die
Reddit was an interesting and innovative platform back in the early days, but the creators quickly sold out to the Condé Nast media empire in 2006. Twelve years later, Reddit is now just another corporate, censored, privacy-abusing web platform.
This latest data breach is just another example illustrating why reddit needs to die. They have put their users’ privacy and security at risk and deliberately withheld this information after the hack.
And if you need some more reasons to say goodbye to reddit, here you go:
1. Reddit is heavily censored.
Reddit in 2018 is a joke. Many subs are censored and moderated by heavy-handed mods who will remove anything on a whim.
2. Reddit does not respect your privacy.
The latest case shows that clearly. To further illustrate this issue, reddit removed its surveillance warrant canary in 2016. As reported by Reuters, this suggests that reddit “is now being asked to hand over customer data” to various authorities and agencies.
3. Reddit has a distinct bias.
Many subs have been censored and shutdown for various reasons, upsetting long-time reddit users. This seems to be getting worse.
4. Reddit is boring.
Just like Facebook, Twitter, and other giant, censored media platforms, reddit has become stale and boring in 2018.
Aside from the free speech issues, the privacy violations are arguably the biggest reasons to leave reddit now.
If you are ready to consider other platforms, here are some reddit alternatives:
Time to jump ship.
Since they don’t offer payment by crypto you are trackable to true self by you payment details in any case. Hence I don’t believe they care all that much about privacy.
I’m a small business owner and checked out Reddit. Suddenly I was trolled by a user who I can’t locate. Reddit won’t do anything about it, and inferred it was my fault for getting upset about being libeled, so I deleted/deactivated account. What a bizarre rabbit hole that innocent search turned into. Be careful, and follow the advice they’ve listed above. use a fake name, email, and don’t give anything about your business out. Beware
or you could do as most of us do, use a stupid false name, a fake disposable email account and thats it.
I recently discovered pushshift.io which is a reddit user who scrapes the entirety of reddit (sub, author, post title, post, date….etc) including PRIVATE subs. The worst thing he’s able to do is retrieve ALL (agoing back all years) of your deleted comments which baffles me. He launched a site where you can enter a user name and retrieve all their deleted comments and posts. That was the end for me.
Thanks for the heads up with pushshift.io, that’s pretty interesting…Not that anything is truly deleted or private on any social media site.
I stopped using reddit a couple years back myself, but noticed that the quality of the users and content has dropped slowly over the years as it became more known and popular. Perhaps some super niche topics like /r/vim are still useful but I’ll keep it to lurking occasional search engine results, if they happen to be useful. But my days of contributing are over for good.
It’s also easy-to-manipulate site, in addition to being designed for groupthink with its upvote system. No one really upvotes or downvotes posts/comments that add to the discussion, just simply whether or not they like or dislike it.
And I’m guessing that the Tencent investment awhile back has an outsized impact especially regarding the CCP. Heck, the CEO, Steve Huffman, edited user posts back in 2016 on The_Donald subreddit–a site that’s supposed to dedicated to free speech!
I’d say the site probably jumped the shark prior to 2012-2013, if I’m being honest.
https://www.reddit.com/r/TOR/comments/jvrty6/lies_everywhere/
They talked about you here.
And yes, nord and express vpn are well lets say too many advertisements about them, its getting too much even if they are as good as they claimed.
Also, i read somewhere ,i forgot now that nord vpn office i think secretly moved to #murica, so yeah.
Like I said in my Tor article, Tor followers will scream “FUD” or whatever, but they can never deny the facts or prove any of my claims wrong. They can only whine and hang out on reddit with like-minded sheep. Tor is like a cult, and reddit is an echo chamber of Group Think for these types.
PSA: VOAT is mainly alt-right (read: not conservative, not right aligned, but extreme alt-right). Not judging anyone for browsing it, just know that if your a normal person you might not enjoy it