Reddit has suffered a data breach compromising usernames, passwords and email addresses of groups of users, the discussion and forum website has confirmed.
The breach, which has still to be clarified, was discovered on June 19, four day after the initial hack.
Hackers accessed two data sets, including one from 2007 containing account details and all public and private posts from 2005 to May 2007.
Visit Innovation Enterprise's Digital Marketing & Strategy Innovation Summit in Shanghai on September 5–6, 2018
In a post, the company said: "An attacker compromised a few of our employees' accounts with our cloud and source code hosting providers.
"Already having our primary access points for code and infrastructure behind strong authentication requiring two-factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would have hoped and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA."
Reddit has reported the cyberattack, which took place between June 14–18, to law enforcement, with Reddit stating that hackers "compromised a few of our employees’ accounts with our cloud and source code hosting providers".
The data accessed by the hackers included usernames, salted hashed passwords (passwords not actually used by users), email addresses and all content including private messages.