UPDATED 22:07 EDT / AUGUST 09 2020

SECURITY

Reddit hacked and defaced with pro-Trump messages in English and Chinese

Reddit Inc. is the latest company to be hacked, with some 70 groups on the site defaced with pro-Donald Trump messages.

The hack occurred on Friday, when the attackers gained access to accounts belonging to moderators of popular subreddits with millions of subscribers, including r/space, r/food, r/Japan, r/nfl, r/cfb and r/podcasts.

The messages posted by the hackers were pro-Trump and written in both English and simplified Chinese. The Chinese text in one case (pictured) asked whether former president Barack Obama was a Kenyan, a reference to so-called “birther” conspiracy theories, along with a shout-out to YouTuber David Pakman.

How the accounts were compromised is unknown, but Reddit said it was investigating the incident. In a support thread, Reddit noted that the moderators of the compromised subreddits had not been using two-factor authentication on their accounts. The same thread advised users to look for signs of a compromise, including an email notification that the password or email address on their account had been changed.

Still, the lack of two-factor authentication doesn’t explain how those behind the hack obtained passwords for the targeted accounts to begin with.

“Most of these popular subreddits are actually run by volunteers, which makes it tough for Reddit to enforce certain security requirements as it currently stands,” Zack Allen, director of threat intelligence at cybersecurity company ZeroFOX Inc., told SiliconANGLE. “The accounts were probably compromised from a credential-stuffing attack (reused passwords from well-known breaches, like the ones from ShinyHunters and/or GnosticPlayers), phishing or a combination of both.”

Matthew Gardiner, principal security strategist at cloud cybersecurity firm Mimecast Ltd., noted that it’s becoming ever more clear that every participant in these social networks must also adopt the “zero-trust” model – that is, not assuming anything is true unless they can independently verify it.

“This Reddit hack and the recent Twitter hack were easy to discern as bogus, but what if the cybercriminals had been a bit more nefarious and a bit more believable?” Gardiner asked. “It is scary to think what actual damage they could do if they really tried.”

Image: Tim Pool/Twitter
