Multiple Reddit subreddits have been compromised by hackers that are posting messages and images promoting U.S. President Donald Trump’s re-election. A post by Reddit Admin details the attacks, noting that the incident involves the compromise of moderator accounts. The firm is working to lock down accounts of bad actors and “reverting the changes”, and is also investigating the breach.
The post also provides moderators and users a few steps to ascertain if their accounts have been compromised. It suggests that affected users note the names of their accounts in the stickied comment on that post. It also suggests that users who were removed as moderators “sit tight” as the service will be adding them back soon. However, securing the accounts will be the priority at first. Additionally, the firm reassures users that it has dedicated methods to detect compromised entities.
Here are the signs that users are being asked to look for to ascertain if their accounts were affected:
- You received email notification that the password and/or email address on your account changed but you didn’t request changes
- You notice authorized apps on your profile that you don’t recognize
- You notice unusual IP history on your account activity page
- You see votes, posts, comments, or moderation actions that you don’t remember making, or private messages that you don’t remember sending
Another important step that the post requests users to do is to enable two-factor authentication (2FA). The firm confirms that all accounts that were impacted did not have 2FA enabled, which made it easier for hackers to get through. The attacks apparently began about 24 hours ago and include subreddits such as r/japan, r/avengers, and more.
Currently, not all affected users will be able to tell that their accounts have been actioned on. “The best way to tell if we're already working on your subreddit is to look for admin actions in your modlog.”, the post adds. It is also asking all users to change their passwords if they are concerned about their accounts. Some affected accounts posted screenshots of their account logs.
BleepingComputer reports that a hacked Twitter account claimed responsibility for the coordinated attack on Reddit. The bad actors also reportedly tweeted subreddits that they intended to hack. The tweets also noted that the moderators’ passwords were weak and “easy to take over”. The account has since been suspended by Twitter.
Reddit says that once it has dealt with the situation, it will send out messages to all affected subreddits, “letting them know they were affected but the situation is now resolved”. The firm will also be posting more detailed information about the incident on r/redditsecurity later.