GDPR: Report – Reddit hack: data held in 2007 exposed

gdprreport-logogReddit, the website supporting discussion and content ratings, has confirmed it was subject to a data breach, affecting all data held in 2007 and before and email digests sent in June of this year.

“Although it was a serious attack,” said Reddit in a statement, “the attacker did not gain write access to Reddit systems; they gained read-only access to some systems that contained backup data, source code and other logs.”

Jason Hart, CTO, Data Protection at Gemalto said: “Network intrusions like this are inevitable. The Reddit issue reinforces again that being breached is not a question of ‘if’ but ‘when’ and a multi-layered approach to security is needed. Even with multi-factor authentication deployed, the Reddit breach still occurred. Given today’s security climate, all online companies should use the forms of multi-factor authentication that are appropriate for the data assets being accessed as well as using encryption and key management to secure sensitive data.”

To read the full article click here.

Silicon: Reddit Confirms ‘Serious’ Hack Of User Data

siliconReddit knew of ‘security incident’ since 19 June but only alerted users more than a month later

More than a month since it happened, Reddit has this week confirmed that it has suffered what it is calling a ‘security incident’.

“Network intrusions like this are inevitable,” explained Jason Hart, CTO of data protection at Gemalto. “The Reddit issue reinforces again that being breached is not a question of ‘if’ but ‘when’ and a multi-layered approach to security is needed.”

“Even with multi-factor authentication deployed, the Reddit breach still occurred,” said Hart. “Two years ago NIST made recommendations for companies to consider stronger forms of MFA like token-based authentication. Given today’s security climate, all online companies should use the forms of multi-factor authentication that are appropriate for the data assets being accessed as well as using encryption and key management to secure sensitive data.”

To read the full article click here.