In a coordinated attack against Reddit that underscored the importance of multifactor authentication hackers compromised moderator accounts and led to numerous subreddit accounts being vandalized and defaced with pro-Trump messaging.
Reddit acknowledged the “ongoing incident” and said it is “working on locking down the bad actors and reverting the changes.” The platform administrators called for patience from its community, promising to restore mod accounts, though it was not the first priority, and to restore access to compromised and locked down accounts at a later stage in the process.
The attack began more than 24 hours ago and Reddit “officially confirmed that none of the accounts that were compromised had 2fa enabled at the time of the compromise.”
While 2fa doesn’t guarantee account safety, “it’s still an important step” toward keeping accounts more secure. The platform hasn’t said who might be behind the attack but a hijacked Twitter account, since suspended, took credit, posting the names of the subreddit accounts compromised and mocking the easy-to-crack passwords used to protect them.
In a coordinated attack last month, hackers social engineered Twitter insiders and hijacked verified accounts belonging to high-profile individuals and companies like Joe Biden, Bill Gates, Apple and Elon Musk promised followers a large pay out if they’d just send bitcoin to a block chain address — ostensibly to donate to Covid-19 community aid. Last week, a teen ringleader and two accomplices were arrested for that attack.