Who is this guidance for?
Anyone who has had an account on the Reddit internet forum between 2005 and the present day.
On Wednesday 1 August 2018, Reddit published information on its forum confirming that in June 2018, all data created on Reddit between 2005-2007 - including users’ protected passwords and email addresses - had been compromised.
In addition, current usernames and corresponding email addresses were obtained from weekly email digests that roundup top Reddit posts. Reddit’s full statement can be found here.
Attackers may use this stolen personal data to approach people, and attempt to trick them into revealing more information (such as banking login details).
What should I do?
- If you haven’t changed your Reddit password since 2008, change it now (see Cyber Aware's advice on creating a good password that you can remember, or our own blog post for help on using a password manager). If you know you have used this password elsewhere then change it there too.
- Enable two-factor authentication for important accounts, where you can. Even SMS-based two-factor is much better than none.
- Be wary of unsolicited emails, phone calls or SMS messages, asking you to disclose further personal details. Some scams can be very convincing and attackers may use your personal data to make them look even more realistic. Report suspicious emails, phone calls or SMS messages to Action Fraud.
- Now would be a good time to check if your account has appeared in any other public data breaches. Visit https://haveibeenpwned.com, enter your email address and go from there.
What else do I need to know?
Private messages sent before 2008 through the site may have been leaked, which could cause concern to some users. For modern data, the breach of privacy was minimal (you might be able to infer that someone is a member of a ‘niche’ reddit group from the email digest they are sent).
Anyone concerned about fraud or lost data should contact Action Fraud’s online reporting tool, or call 0300 123 2040.
For further information visit www.actionfraud.police.uk.
We also recommend that people are vigilant against any suspicious activity on their bank accounts and contact their financial provider if they have concerns.