Security & Fraud

Reddit Confirms Hack Of Third-Party Software Vendor

Reddit disclosed the results of an internal investigation into a hack of its platform, saying a hacker was able to get into its third-party password reset system.

According to a report in The Next Web, Reddit said that while the hacker was able to get access to the password recovery emails that are sent out by Mailgun, its third-party software vendor, it said the hacker didn’t have access to Reddit’s systems or to any Redditors' email accounts. Reddit noted it is working with Mailgun to pinpoint all the accounts that were impacted.

“On 12/31, Reddit received several reports regarding password reset emails that were initiated and completed without the account owners’ requests,” a post on Reddit read. “We have been working to investigate the issue and coordinating with Mailgun, a third-party vendor we’ve been using to send some of our account emails, including password reset emails. A malicious actor targeted Mailgun and gained access to Reddit’s password reset emails.”

The report noted that as soon as Mailgun alerted them to the breach, Reddit moved all of its password reset emails to a server that is located on their premises. “We know this is frustrating as a user, and we have put additional controls in place to help make sure it doesn’t happen again,” Reddit said in the message.

Mailgun also released a statement to alert users that its API key was hacked, saying it took immediate action to determine the cause and impact of the breach. “On January 3, 2018, Mailgun became aware of an incident in which a customer’s API key was compromised and immediately began diagnostics to help determine the cause and the scope of impact," said Mailgun's CTO, Josh Odom, in a blog post. "At that point in time, we were able to determine that the root cause was due to a Mailgun employee’s account being compromised by an unauthorized user. We immediately closed the point of access to the unauthorized user and deployed additional technical safeguards to further protect this sensitive portion of our application."

——————————

NEW PYMNTS DATA: HOW WE SHOP – SEPTEMBER 2020 

The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

TRENDING RIGHT NOW