Home / News & Resources / News & Updates / Serious data breach uncovered at Reddit

Serious data breach uncovered at Reddit

  • Posted on

Social news aggregation, web content rating and discussion website Reddit, has revealed that it was the victim of a data hack. In this case, a cybercriminal broke into some of Reddit's systems and accessed user data.

Many people use Reddit to post highly personal anonymous stories. In fact, the platform prides itself on providing a safe space for people to say whatever they want, without their messages being linked to their real identities.

But if usernames can be connected to emails following this breach, the identities of 'Redditors' could be revealed. And the consequences for these people could be devastating.

At Hayes Connor, our data breach solicitors set out what you should do if you are a user who is concerned about the impact the data breach at reddit could have on you.

What information was stolen?

The data accessed included complete information from a 2007 database backup which contained old protected (salted and hashed) passwords, email addresses, public posts and private messages.

Reddit has confirmed that it will be contacting all users affected by the breach of this database. The company has also urged users who used the platform anywhere near 2007 to reset their passwords and enable 2-factor authentication. So, if you are a long-standing Reddit user (or were a user back then), it's worth checking your spam folder just in case. Those who signed up for the online service after 2007 should be in the clear.

In addition to the old database, more recent data, including email addresses and 'subreddits' people have subscribed to have also been accessed by cybercriminals.

However, there is no indication that Reddit will be contacting those individuals who have had their current email addresses stolen. So you'll have to figure that out for yourself.

Reddit is asking users who have had their email address affected, to "think about whether there's anything on your Reddit account that you wouldn't want associated back to that address" and remove it. Put simply, affected users should delete any posts they don't want to be traced back to.

What happens now?

The attack happened between 14th - June 18th June, and was discovered a day later.

Reddit has said that it is conducting a "painstaking investigation to figure out just what was accessed", and to improve its systems and processes to prevent this from happening again.

Reddit has also said that it has reported the issue to law enforcement and is cooperating with investigations.

Why are people worried?

While much of the data accessed is at least 11 years old, that doesn't mean that people aren't right to be distressed at the thought of their private communications - including messages - falling into the wrong hands. Especially when this data can be linked to a specific email address (and therefore a person).

The security incident has been described as a "serious attack," and just because Reddit was a victim of cybercriminals, doesn't mean it is any less liable if it failed to protect your all-important data sufficiently. Big companies must be held to account.

Your distress matters!

Some people would have you believe that claiming for distress is an overreaction, but our data breach solicitors and the law don't look at things this way.

The sheer scale of the information we share on social media is enough to leave victims open to the threat of fraud. And we should all be very worried about what could happen if this gets into the wrong hands.

If you have suffered damage or distress caused by an organisation breaching any part of the Data Protection Act, you have a right to claim compensation. And you can do this if you have struggled emotionally following a data breach, even if you have not experienced any financial loss.

At Hayes Connor Solicitors, our data breach solicitors have been helping people to claim compensation for over 50 years, so we know what it takes to make a successful data breach claim. Our initial evaluation is always free of charge, and there's never any obligation to take things further.

If we do think you have a reasonable chance of winning your case, we'll let you know straight away. What's more, once appointed, we provide a NO WIN, NO FEE service; so you have nothing to lose.