2018 Breach: Attacker Bypasses Employees' SMS-Based 2FA and Steals a 2007 Database Backup
- Vector: sms-2fa
- Severity: high
- Records exposed: All accounts created from Reddit's 2005 launch through May 2007, plus email-digest recipients from June 2018
- Data exposed: Old database backup containing usernames, salted-and-hashed passwords, email addresses and (mostly public) early content; plus email-digest logs that linked some current usernames to email addresses
- Discovered: 2018-06-19
- Disclosed: 2018-08-01
- Date: 2018-08-01
What happened
Between June 14 and June 18, 2018, an attacker compromised several Reddit employee accounts at the company's cloud and source-code hosting providers, intercepting SMS-based two-factor codes to bypass the employees' 2FA. The intruder gained read-only access to systems holding backup data, source code and logs, including a complete copy of an early database backup spanning the site's 2005 launch through May 2007. That backup held usernames, salted-and-hashed passwords, email addresses and early content; separately, email-digest logs from June 2018 tied some current usernames to email addresses. Reddit discovered the breach on June 19, disclosed it on August 1, reported it to law enforcement and reset passwords where credentials might still be valid. The company said SMS interception was the main vector and moved privileged access to token-based 2FA.