NCSC advice for Reddit users

Who is this guidance for?

Anyone who has had an account on the Reddit internet forum between 2005 and the present day.

Overview

On Wednesday 1 August 2018, Reddit published information on its forum confirming that in June 2018, all data created on Reddit between 2005-2007 – including users’ protected passwords and email addresses – had been compromised.

In addition, current usernames and corresponding email addresses were obtained from weekly email digests that roundup top Reddit posts. Reddit’s full statement can be found here.

Attackers may use this stolen personal data to approach people, and attempt to trick them into revealing more information (such as banking login details).

What should I do?

  • If you haven’t changed your Reddit password since 2008, change it now (see Cyber Aware’s advice on creating a good password that you can remember, or our own blog post for help on using a password manager). If you know you have used this password elsewhere then change it there too.
  • Enable two-factor authentication for important accounts, where you can. Even SMS-based two-factor is much better than none.
  • Be wary of unsolicited emails, phone calls or SMS messages, asking you to disclose further personal details. Some scams can be very convincing and attackers may use your personal data to make them look even more realistic. Report suspicious emails, phone calls or SMS messages to Action Fraud.
  • Now would be a good time to check if your account has appeared in any other public data breaches. Visit https://haveibeenpwned.com, enter your email address and go from there.

What else do I need to know?

Private messages sent before 2008 through the site may have been leaked, which could cause concern to some users. For modern data, the breach of privacy was minimal (you might be able to infer that someone is a member of a ‘niche’ reddit group from the email digest they are sent).

Anyone concerned about fraud or lost data should contact Action Fraud’s online reporting tool, or call 0300 123 2040.

For further information visit www.actionfraud.police.uk.

We also recommend that people are vigilant against any suspicious activity on their bank accounts and contact their financial provider if they have concerns.

Source: NCSC

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

/by
You might also like
Serviceteam IT Security News MPs and peers ask information commissioner to investigate TikTok
Serviceteam IT Security News CyBOK – release of the first Knowledge Areas
Serviceteam IT Security News Manchester will be hosting our biggest CYBERUK yet
Serviceteam IT Security News IoT Malware Activity Already More Than Doubled 2016 Numbers
Serviceteam IT Security News Penetration Testing
Serviceteam IT Security News Stride security review