U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A hacker compromised several Reddit accounts to prove it needs 2FA

A mysterious hacker is responsible for a mass Reddit defacement of 70 subreddits, he wants to demonstrate the lack of security of the popular platform. Someone is creating the panic on Reddits, a mysterious user behind the name TehBVM (@TehBVM) claims to have already popped more than 100 Reddit subreddits. The user already targeted subreddits related […]

A hacker compromised several Reddit accounts to prove it needs 2FA

A mysterious hacker is responsible for a mass Reddit defacement of 70 subreddits, he wants to demonstrate the lack of security of the popular platform.

Someone is creating the panic on Reddits, a mysterious user behind the name TehBVM (@TehBVM) claims to have already popped more than 100 Reddit subreddits. The user already targeted subreddits related to Battlefield One game, Marvel Studios, Star Wars, How to Hack, and Game of Thrones, he also defaced popular subreddits like TIFU (today I f**ked up).

The hacker spent the last weeks hijacking Reddit moderator accounts and defacing their subreddit pages, changing cover images and CSS.

Which is the motivation behind the defacements?

Apparently, TehBVM is doing it partly to demonstrate the lack of security posture of Reddit, the hacker hasn’t disclosed personal information belonging to the Reddit users.

“Around 70 or more subreddits have been defaced since 4 May – including /r/gameofthrones,/r/starwars/r/pics/r/books/r/marvel/r/robocraft and others.”

TehBVM did not explain how he compromised the Reddit accounts the unique certainly seems to be that he hasn’t launched a brute force attack against the platform. It is likely that the hacker is using login credentials related to other data breaches with the hope that users have shared it among multiple online services.

Reddit hack

TehBVM is also offering moderator account credentials on the hacked subreddits.

Clearly this kind of incidents could be simply avoided by introducing a two-factor authentication mechanism.

Reddit has already planned the introduction of the 2FA feature, but it is still to develop a beta.

The lack of a strong authentication method was already exploited in the past by hackers, in 2013 other subreddits have been popped in similar circumstances.

Reddit hack 2

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Reddit, hacking)