UPDATED 22:07 EDT / AUGUST 09 2020

reddihacked SECURITY

Reddit hacked and defaced with pro-Trump messages in English and Chinese

Reddit Inc. is the latest company to be hacked, with some 70 groups on the site defaced with pro-Donald Trump messages.

The hack occurred on Friday and involved those behind the attack accessing accounts belonging to moderators of popular subreddits with millions of subscribers, including r/space, r/food, r/Japan, r/nfl, r/cfb and r/podcasts.

The messages posted by the hackers were pro-Trump in both English and simplified Chinese text. The Chinese text in one case (pictured) asked whether former president Barack Obama was a Kenyan, a reference to so-called “birther” conspiracy theories, along with a shout-out to YouTuber David Pakman.

How the accounts were compromised is unknown, but Reddit said it was investigating the incident. On a support thread, Reddit did note that the moderators of the compromised subreddits had not been using two-factor authentication on their accounts. The same thread also added that users should look for signs of a compromise, including an email notification that their password or email address on their account had been changed.

Still, the lack of two-factor authentication doesn’t explain how those behind the hack obtained passwords for the targeted accounts to begin with.

“Most of these popular subreddits are actually ran by volunteers, which makes it tough for Reddit to enforce certain security requirements as it currently stands,” Zack Allen, director of threat intelligence at cybersecurity company ZeroFOX Inc., told SiliconANGLE. “The accounts were probably compromised from a credential-stuffing attack (reused passwords from well-known breaches, like the ones from ShinyHunters and/or GnosticPlayers), phishing or a combination of both.”

Matthew Gardiner, principal security strategist at cloud cybersecurity firm Mimecast Ltd., noted that it’s becoming ever more clear that every participant in these social networks must also adopt the “zero-trust” model – that is, not assuming anything is true unless they can independently verify it.

“This Reddit hack and the recent Twitter hack were easy to discern as bogus, but what if the cybercriminals had been a bit more nefarious and a bit more believable?” Gardiner asked. “It is scary to think what actual damage they could do if they really tried.”

Image: Tim Pool/Twitter

Since you’re here …

Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!

Support our mission:    >>>>>>  SUBSCRIBE NOW >>>>>>  to our YouTube channel.

… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.