Reddit hacked: 70 subreddits hijacked by hackers

Reddit users were affected by a bizarre security incident over the weekend, according to experts from a pentesting course. More than 70 subreddits (the name given to the platform's topic-specific discussion forums) were temporarily hijacked; threat actors used the forums to post messages in support of U.S. President Donald Trump, who is embarking on a re-election campaign.

In a statement, Reddit said that the compromised accounts did not have multi-factor authentication enabled: “We can officially confirm that none of the compromised accounts had the security feature enabled at the time of the incident.” Although the platform's operators point out that multi-factor authentication is not a full security guarantee, it could prevent attacks like the one detected a couple of days ago.

In this regard, pentesting course specialists find it unlikely that those responsible for the attack employed techniques such as SIM swapping: with that technique, multi-factor authentication would not have stopped them from extending the scope of the attack. There are still multiple hypotheses to be ruled out. Among the most likely causes of the incident are brute force attacks or credential stuffing campaigns.

The platform has not issued any statement about those responsible for the incident, although the owner of a Twitter account that has since been suspended claimed responsibility for the attack: “We are responsible for the current attack against the subreddits; we employ social engineering to trick users even more easily than in Twitter’s Bitcoin scam,” the alleged attackers said, referring to the teens accused of the recent incident on Twitter.

If this was a credential stuffing campaign, those responsible for the attack would have had to track the affected users closely, collecting credentials over a long period and waiting for the right time to begin, according to the pentesting course specialists.

Another possible explanation is that threat actors obtained lists of information exposed in other incidents and tried to use them to access the affected Reddit accounts. Usernames and passwords could have been obtained from the data breach that affected Reddit in 2018, although at that time the platform gave assurances that the exposed passwords were encrypted. For his part, Troy Hunt, creator of the Have I Been Pwned platform, mentions that Reddit’s stolen information never came to light.

On social engineering, the researchers mentioned that it is one of the techniques most used by hacking groups and that it was even employed in the Bitcoin scam that affected Twitter users by hijacking some verified accounts.