UPDATED 22:07 EDT / AUGUST 09 2020

SECURITY

Reddit hacked and defaced with pro-Trump messages in English and Chinese

Reddit Inc. is the latest company to be hacked, with some 70 groups on the site defaced with pro-Donald Trump messages.

The hack occurred on Friday and involved those behind the attack accessing accounts belonging to moderators of popular subreddits with millions of subscribers, including r/space, r/food, r/Japan, r/nfl, r/cfb and r/podcasts.

The messages posted by the hackers were pro-Trump in both English and simplified Chinese text. The Chinese text in one case (pictured) asked whether former president Barack Obama was a Kenyan, a reference to so-called “birther” conspiracy theories, along with a shout-out to YouTuber David Pakman.

How the accounts were compromised is unknown, but Reddit said it was investigating the incident. On a support thread, Reddit did note that the moderators of the compromised subreddits had not been using two-factor authentication on their accounts. The same thread also added that users should look for signs of a compromise, including an email notification that their password or email address on their account had been changed.

Still, the lack of two-factor authentication doesn’t explain how those behind the hack obtained passwords for the targeted accounts to begin with.

“Most of these popular subreddits are actually ran by volunteers, which makes it tough for Reddit to enforce certain security requirements as it currently stands,” Zack Allen, director of threat intelligence at cybersecurity company ZeroFOX Inc., told SiliconANGLE. “The accounts were probably compromised from a credential-stuffing attack (reused passwords from well-known breaches, like the ones from ShinyHunters and/or GnosticPlayers), phishing or a combination of both.”

Matthew Gardiner, principal security strategist at cloud cybersecurity firm Mimecast Ltd., noted that it’s becoming ever more clear that every participant in these social networks must also adopt the “zero-trust” model – that is, not assuming anything is true unless they can independently verify it.

“This Reddit hack and the recent Twitter hack were easy to discern as bogus, but what if the cybercriminals had been a bit more nefarious and a bit more believable?” Gardiner asked. “It is scary to think what actual damage they could do if they really tried.”

Image: Tim Pool/Twitter

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.