Reddit Email Provider Breach Leads to Cryptocurrency Account Hacks
Reddit has recently confirmed that a breach in one of its email providers, Mailgun, has resulted in the hacking of user profiles and their associated cryptocurrency accounts.
According to reports, attackers were able to access Reddit accounts by exploiting password reset emails sent through the third-party vendor. Some users also discovered that their Bitcoin Cash tip accounts had been drained of funds.
Despite the concerning nature of the breach, Reddit has emphasized the importance of maintaining perspective. The platform assured users that the attackers did not have access to Reddit’s internal systems or to the users’ email accounts directly. Reddit stated that the number of confirmed affected users is currently less than 20.
Reddit released a statement regarding the incident, explaining that “On 12/31, Reddit received several reports regarding password reset emails that were initiated and completed without the account owners’ requests.” The platform has been working closely with Mailgun to investigate the issue and address any vulnerabilities. Additional security measures have been implemented to prevent similar incidents in the future.
Mailgun’s Response and Actions Taken
Mailgun, the third-party email provider, acknowledged the breach and identified the attack vector as a compromised employee email account. The company has since addressed the issue and implemented security patches to prevent further unauthorized access.
Mailgun’s Chief Technology Officer, Josh Odom, stated, “On January 3, 2018, Mailgun became aware of an incident in which a customer’s API key was compromised and immediately began diagnostics to help determine the cause and the scope of impact.” Odom confirmed that additional safeguards have been put in place to protect sensitive data within the application.
It was revealed that less than 1% of Mailgun’s entire customer base was affected by the breach, reassuring the majority of users that their accounts remained secure.
Both Reddit and Mailgun have advised users to remain vigilant and report any suspicious activities related to their accounts. The collaboration between the two companies serves as a reminder of the ongoing threat of cyber attacks and the importance of robust security measures to safeguard user information.