Heads Up: Your Ancient Reddit Password is Compromised

If you still use the same Reddit password you did in 2007, wow: you’ve been on Reddit a long time. Also your password is compromised.

Sometime in June a hacker got into a few Reddit servers and accessed, among other things, an old database. From Reddit’s post about the incident:

What was accessed: A complete copy of an old database backup containing very early Reddit user data—from the site’s launch in 2005 through May 2007. In Reddit’s first years it had many fewer features, so the most significant data contained in this backup are account credentials (username + salted hashed passwords), email addresses, and all content (mostly public, but also private messages) from way back then.

Reddit is sending messages to affected users, encouraging them to change their password. If you re-use your ancient Reddit password on other sites, you should change it on those sites as well. You should also use a password manager, because re-using an eleven-year-old password on multiple sites is just plain unacceptable.

It’s worth talking a little bit about the specifics of how this happened. The SMS-based two-factor authentication of a couple of Reddit employees was compromised, giving hackers access to the files in question. This is yet another example of why you shouldn’t use SMS for two-factor authentication, so consider moving any account that still relies on SMS to an alternative, wherever one is offered, ASAP. It’s annoying, sure, but worthwhile if you want to keep your accounts secure.

Photo credit: Eva Blue

