Before Reddit, in June 2020, more than 1,150 Roblox accounts were also hacked and defaced with pro-Donald Trump content.
Free advertising space is hard to find, but that is exactly how some hackers have been treating Reddit lately. Instead of going the legal route for advertising, yesterday attackers defaced dozens of subreddits and posted pro-Trump messages as the elections draw nearer.
The affected channels include several prominent ones, such as those of the NFL, the Avengers, BlackMirror, and Japan, with the full list given in the appendix at the bottom.
According to various subreddits and Reddit itself, the hack occurred because moderator accounts were compromised, allowing the attackers to control the channels as they pleased.
This may have been the result of lax security measures on the part of these moderators: several have come forward and admitted to not using two-factor authentication, which in many cases provides a strong defense against such attacks.
One moderator also vented in a post and shared images of their account's activity log from after the attacker took over.
As for who was behind the attack, a Twitter user with a mere 19 followers claimed responsibility, but their account was suspended shortly afterward, making it difficult to learn more about the attackers.
However, according to UnderTheBreach, the claims from the aforementioned Twitter account are bogus: the account was merely tweeting for attention and has no connection with the actual hack.
People have been using bruteforce programs like SentryMBA to hack Reddit accounts for years, if a mod had a weak password he would have already been hacked so this is 100% false.
I don't know what made people think this account is behind the hack but he is lying about this claim pic.twitter.com/rZxhDqlvL4
— Under the Breach (@UnderTheBreach) August 7, 2020
One speculation about the motive for targeting Reddit, though, stems from the fact that Reddit banned the “r/The_Donald” subreddit not so long ago for violating its policies. The attackers may therefore have been taking revenge through such an act.
To conclude, we saw a similar incident just over a month ago, when over 1800 Roblox accounts were defaced with similar messages. Back then too, the attackers took advantage of weak passwords and the fact that 2FA was not being used, so once again we advise all users to employ strong alphanumeric passwords along with 2FA.
Moreover, any moderator who believes they may have been compromised should immediately change their password on Reddit and on any other service where they may be reusing it.
Appendix – List of Subreddits hacked: