2020 Pro-Trump Defacement Wave via Hijacked Moderator Accounts
August 2020
In August 2020 attackers hijacked moderator accounts to deface more than 70 subreddits — including r/space, r/NFL, and r/food — with pro-Trump messaging. Reddit confirmed that none of the compromised accounts had two-factor authentication enabled.
What happened
Over a roughly 24-hour period in early August 2020, attackers defaced more than 70 subreddits, replacing banners, icons, and styling with imagery and messaging promoting President Donald Trump's reelection. The affected communities spanned a wide range of large, mainstream subreddits, including r/space, r/NFL, and r/food, alongside numerous sports- and entertainment-focused communities, making the defacements highly visible across the site.
As in the 2016 TehBVM campaign, the vector was not a breach of Reddit's servers but the compromise of moderator accounts. A Reddit spokesperson confirmed that the source of the defacements was hijacked moderator accounts, and — critically — that none of the compromised accounts had two-factor authentication enabled at the time. Reporting indicated the attackers likely relied on a mix of credential stuffing (replaying passwords leaked from unrelated breaches against Reddit logins) and brute-forcing, both of which succeed disproportionately against accounts without a second authentication factor.
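The two takeover techniques named above leave different traces in authentication logs: credential stuffing shows one source failing against many accounts, brute-forcing shows many failures against one account. The following is an added example, not code from Reddit or from the original page, that separates the two patterns and flags successful logins to moderator accounts without 2FA. The log format, account directory, usernames and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: (minute, source_ip, username, login_succeeded).
# IPs come from documentation ranges; usernames are made up.
EVENTS = (
    [(i, "203.0.113.7", f"user{i}", False) for i in range(8)]    # one try per account
    + [(8, "203.0.113.7", "mod_space", True)]                     # a reused password works
    + [(10 + i, "198.51.100.9", "mod_food", False) for i in range(12)]  # one account hammered
    + [(22, "198.51.100.9", "mod_food", True)]
    + [(30, "192.0.2.44", "mod_nfl", False), (31, "192.0.2.44", "mod_nfl", True)]  # typo, then ok
)
# Hypothetical account directory: username -> (is_moderator, has_2fa).
ACCOUNTS = {"mod_space": (True, False), "mod_food": (True, False), "mod_nfl": (True, True)}

STUFFING_MIN_ACCOUNTS = 5   # assumed threshold: distinct accounts failed from one source
BRUTE_MIN_FAILURES = 10     # assumed threshold: failed logins against one account


def classify(events):
    """Return (stuffing_sources, brute_forced_accounts) from failed logins."""
    failed_accounts_by_src = defaultdict(set)
    failures_by_account = defaultdict(int)
    for _, src, user, ok in events:
        if not ok:
            failed_accounts_by_src[src].add(user)
            failures_by_account[user] += 1
    stuffing = {s for s, users in failed_accounts_by_src.items()
                if len(users) >= STUFFING_MIN_ACCOUNTS}
    brute = {u for u, n in failures_by_account.items() if n >= BRUTE_MIN_FAILURES}
    return stuffing, brute


def likely_takeovers(events, accounts):
    """Successful logins to moderator accounts without 2FA that match either pattern."""
    stuffing, brute = classify(events)
    hits = []
    for _, src, user, ok in events:
        is_mod, has_2fa = accounts.get(user, (False, False))
        if ok and is_mod and not has_2fa:
            if src in stuffing:
                hits.append((user, src, "credential stuffing"))
            elif user in brute:
                hits.append((user, src, "brute force"))
    return hits


if __name__ == "__main__":
    for user, src, reason in likely_takeovers(EVENTS, ACCOUNTS):
        print(f"{user}: login from {src} matches {reason}; moderator account has no 2FA")
```

The third account in the sample has 2FA enrolled and a single mistyped password, so it is not flagged.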
The political framing of the defacements gave the incident added weight given the timing: it landed in the months before the November 2020 U.S. presidential election, a period of heightened concern about platform manipulation and election-related influence operations. Although the attack appears to have been a series of opportunistic account takeovers rather than a coordinated state operation, the choice to weaponize hijacked communities for electioneering messaging meant the security failure carried a civic dimension beyond the cosmetic damage to individual subreddits.
Reddit's response leaned heavily on its longstanding recommendation rather than a structural fix. The company restored the affected communities and reiterated its guidance that moderators enable two-factor authentication, pointing to the absence of 2FA on the compromised accounts as the proximate cause. The episode reopened a recurring criticism: that Reddit had for years treated 2FA — particularly for moderators who control large public communities — as optional rather than mandatory, leaving the integrity of major subreddits dependent on individual volunteers' security choices.
The 2020 defacements are significant as a direct sequel to the 2016 incident, demonstrating that the same weakness — moderator accounts protected only by reusable passwords — remained exploitable four years later, and that the harm could escalate from generic vandalism to politically charged messaging on the eve of a national election. The pattern strengthened the case, made repeatedly by security commentators, that platforms should require strong authentication for accounts wielding outsized community control rather than merely encouraging it.