Reddit Hit By Coordinated Hack Promoting Trump’s Reelection
Multiple Reddit subreddits have been defaced during the last 24 hours, with the attackers behind this incident posting pro-Trump messages and changing the communities’ themes to show content supporting Trump’s 2020 campaign.
“There is an ongoing incident with moderator accounts being compromised and used to vandalize subreddits,” a Reddit admin said. “We’re working on locking down the bad actors and reverting the changes.”
“If you were removed as a mod, please sit tight: We will be adding mods back, but it’s not our first priority.”
Reddit mods urged to enable two-factor authentication
Reddit admins urged subreddit moderators to enable two-factor authentication (2FA) on their accounts and to change their passwords.
According to one Reddit admin, the bad actors behind this incident have been active “in the last 24h.”
Reddit moderators are advised to look for the following signs to know if their accounts have been compromised:
• You received email notification that the password and/or email address on your account changed but you didn’t request changes
• You notice authorized apps on your profile that you don’t recognize
• You notice unusual IP history on your account activity page
• You see votes, posts, comments, or moderation actions that you don’t remember making, or private messages that you don’t remember sending
One of the mods who had their account compromised shared a screenshot of all the actions taken by the hacker using his account.
As you can see from the image below, after taking control of the account, the attacker changed his subrreddit’s CSS stylesheet, deleted all mods with fewer permissions than him, and changed the community’s wiki.
Finally, the hacker stickied a post titled “We Stand With Donal Trump #MIGA2020.”
A hacked Twitter account is claiming responsibility for the coordinated attack on Reddit. During the attack, the hackers tweeted out new subreddits that they were targeting, asking Twitter users to vote on them.
They also tweeted about the Reddit mods’ passwords being easy to guess, suggesting that the attackers brute-forced their way into the mods’ accounts to take over the Reddit communities impacted in the incident.
Also read: 4 easy guides to data breach assessment
A partial list of all affected subreddits (including r/space, r/NFL, r/food, and others) is embedded below.
r/49ers
r/3amjokes
r/ANGEL
r/Animemes
r/AquaticAsF*ck
r/Avengers
r/awwducational
r/badhistory
r/bannedfromclubpenguin
r/beer
r/bertstrips
r/blackmirror
r/BlackPeopleTwitter
r/booksuggestions
r/bostonceltics
r/buffy
r/BurningAsF*ck
r/CasualTodayILearned
r/CFB
r/comedyheaven
r/creepyPMs
r/CrewsCrew
r/Dallas
r/DallasProtests
r/DestinyTheGame
r/DeTrashed
r/Disneyland
r/dndmemes
r/EDM
r/Fireteams
r/food
r/freefolk
r/FreezingF*ckingCold
r/gamemusic
r/gorillaz
r/Gunpla
r/HeavyF*ckingWind
r/hentaimemes
r/HuskersRisk
r/ImagineThisView
r/IRLEasterEggs
r/iss
r/Japan
r/KingkillerChronicle
r/lawschool
r/lockpicking
r/LuxuryLifeHabits
r/Naruto
r/nfl
r/nononono
r/nonononoyes
r/photoshopbattles
r/plano
r/podcasts
r/PokemonGOBattleLeague
r/politicaldiscussion
r/Redditdayof
r/rupaulsdragrace
r/ShitAmericansSay
r/ShitPostCrusaders
r/space
r/StartledCats
r/subaru
r/Supernatural
r/Sweatypalms
r/telescopes
r/ThatsInsane
r/TPB
r/vancouver
r/WeAreTheMusicMakers
r/weddingplanning
r/woof_irl
r/AnimemesPropagandaHQ
r/LawSchool
r/ListenToThis
r/startledcatsA Reddit spokesperson told BleepingComputer that the ongoing attack was due to compromised moderator accounts. The company is in the process of restoring affected communities and locking down compromised mod accounts.
“An investigation is underway related to a series of vandalized communities,” the Reddit spokesperson said.
“It appears the source of the attacks were compromised moderator accounts. We are working to lock down those accounts and restore impacted communities.”
Also read: 12 brief explanation about the benefits of data protection for business success
0 Comments