Social media site Reddit is attempting to cover up the scale of a massive data breach that has exposed thousands of its users' real identities.
Reddit, the fourth most popular website in the US, quietly informed its users yesterday that a data breach had leaked user information. However, the actual truth is more disturbing.
Personal email addresses connected to thousands of accounts have been revealed, linking real names with Reddit accounts. This makes their past post history — on a site that sells itself on anonymity — a target that can be scraped to reveal plenty of private, highly personal details.
For years Reddit has encouraged people to openly engage in discussions where they reveal deeply personal details, bare their souls, and post fantasies and kinks. Steve Huffman, the site’s co-founder and CEO, has previously said that “privacy is built into Reddit.” It is the anonymity that Reddit promises that makes the site “more like a conversation one has in real life,” Huffman claims.
This breach originally occurred at TypeForm, but because Reddit required users to enter their usernames on that third-party site, their privacy is now compromised and their real identities have been exposed.
Screenshots of the Reddit announcement regarding the data breach can be seen below:
With credentials being bought and sold on the dark web for serious money, significant breaches – often in the millions, and sometimes including card data – seem to be more and more commonplace.
Based on the data stolen, here are the specific types of information that are of value to cybercriminals. According to Trend Micro, hackers search for this data because it can be used to make money by duplicating credit cards and by using personal information for fraud, identity theft, and even blackmail. It can also be sold in bulk in deep web marketplaces.
- Member name
- Date of birth
- Social Security number
- Member identification numbers
- Email address
- Mailing and/or physical address
- Telephone numbers
- Banking account numbers
- Clinical information
- Claims information
End users are almost never the target of cybercriminals who are out to steal sensitive information in bulk, unless an individual is connected to an industry (for example, through spear phishing). However, end users can be affected when their records are part of the information stolen from big companies. In such cases, it is best to take note of the following practices.
- Notify your bank. Verify your account details and change PIN codes.
- Double check email addresses from incoming emails. Cybercriminals can pose as bank representatives and ask for credentials.
- Do not click suspicious-looking links or download files from unknown sources.
- If credentials or financials have been tampered with, contact the breached company and ask whether it can help you enroll in a fraud victim assistance program.