In what appears to be a massive coordinated strike against Reddit, hackers took over dozens of pages on Friday afternoon, using their access to plaster pro-Donald Trump imagery across subreddits with large followings.
Just over three weeks after hackers used high-profile Twitter accounts to tweet a Bitcoin scam, the wave of Reddit compromises has a similarly noticeable reach. Reddit communities of well over a million members, including r/space, r/food, and r/NFL, have all been defaced with Make America Great Again campaign banners and other pro-Trump signage.
At some point on Friday morning, hackers started infiltrating the moderators
“We would like to ask and strongly encourage all of you, on behalf of the American people, to vote for Trump in the 2020 US election of America,” read one such message published to the college football-focused r/cfb. The post calls the novel coronavirus a “joke”, loosely compares Trump to Batman, and ends with a list of “Ten things Democrats did wrong” that includes the bullet point “Nice people are hated by the Democrats”. In the case of r/cfb, the hackers also set the community to private, leaving only an emoji-strewn pro-Trump message on the landing page for those locked out.
“An investigation into a number of communities destroyed is ongoing,” said a Reddit spokesman. “It appears that the source of the attacks were compromised moderator accounts. We are working on suspending these accounts and restoring affected communities.”
Attempting to claim credit for the attacks on Twitter, hackers said that “we combined password stuffing and social engineering to defeat the teenage Bitcoin scammer,” an obvious reference to alleged Twitter hack ringleader Graham Ivan Clark, who was arrested last week. Credential stuffing occurs when attackers use previously leaked passwords to break into accounts registered with the same email address, exploiting the general human tendency to reuse passwords. Social engineering is a catch-all term for getting people to give you information that will help you break into their or someone else’s account. It is at the heart of many so-called SIM swap attacks, which help hackers bypass two-factor authentication.
Claims of credit for hacks made on Twitter should be taken with hefty grains of salt, but a combination of password reuse and SIM swapping could certainly be at the heart of the Reddit hacks. Since the takeovers, Reddit users have been trying to find out what happened and keep their own accounts safe. A post published this afternoon by a Reddit community moderator warns people to check for unexpected password reset emails and urges mods to change their passwords. A post on r/SubredditDrama offers a “Guide to Unfucking Your Subreddit” that originally started with “#ENABLE TWO-FACTOR AUTHENTICATION” but was later edited to note that some accounts with two-factor authentication enabled had been compromised.
As with the Twitter hacks, there is also a possibility that the attackers were able to gain access to Reddit’s internal tools. This would help explain the enormous scope of the problem and how the attackers were able to move across the platform so quickly.
In total, at least 70 subreddits were affected. Many of them were restored later that afternoon, but some victims, including r/GreatBritishBakeOff and r/buffy, remained MAGAtized.