Reddit announces data breach that threatens anonymity of users

Many Reddit users choose to remain anonymous on the website in order to freely discuss controversial topics or post salacious pictures.
by Alyssa Newcomb and Ben Collins /
WORLDZ Cultural Marketing Summit 2017
Reddit co-founder Alexis OhanianJerod Harris / Getty Images for PTTOW!

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Reddit on Wednesday announced that it had suffered a data breach that could threaten the anonymity of a portion of the website’s many users.

The company wrote in a post on its website that hackers had accessed a database that contained email addresses tied to user accounts. Reddit, the third-most visited website in the U.S., prides itself on its large, anonymous user base, which is allowed to post everything from news and cute dog GIFs to conspiracy theories and pornography.

Many Reddit users choose to remain anonymous in order to freely discuss controversial topics or post salacious pictures. A database of emails connected to Reddit usernames could be used to tie anonymous accounts to people’s identities.

Reddit said the breach affected every user who created an account from 2005 to 2007, as well as any users who were subscribed to its newsletter from June 3 to June 17.

Reddit did not reveal the exact number of accounts at risk.

A Reddit spokesperson said that the company learned of the breach on June 19.

"We are working with federal law enforcement, and have also taken measures to both address this current situation and prevent similar incidents in the future," the spokes person said in an email. "A small number of users were affected and have been notified."

Reddit in its post said that it would notify affected users by email and that other users should check their emails to see if they received the company’s newsletter during the June period.

Steve Huffman, Reddit’s CEO and co-founder, recently touted to The Atlantic that “privacy is built into Reddit.”

“When people detach from their real-world identities, they can be more authentic, more true to themselves,” Huffman said.

While anonymity allowed Reddit to grow into the world’s biggest message board, it has also enabled conspiracy theories and disinformation campaigns — including Russia’s “troll farm,” which deployed at least 1,000 accounts on the site — to wreak havoc on the platform.

Robert Siciliano, security analyst at Hotspot Shield, an online security company, said that this kind of breach can have serious real-world consequences due to the type of information that can be revealed.

“This breach, based on the nature of the information compromised and what some people post on Reddit, could definitely have a negative impact on relationships, employment and other factors,” Siciliano said.

Siciliano compared the Reddit breach to the 2015 Ashley Madison breach that exposed the email addresses and usernames of more than 33 million users seeking to have extramarital affairs or to arrange hookups with married people.

The Ashley Madison hack resulted in divorces and reportedly two suicides after the users were unmasked.

“The Ashley Madison hack caused some problems in people’s lives because of the types of things they were doing online,” Siciliano said.

Reddit is home to some of the internet’s largest anonymous amateur pornography communities. One subreddit, dubbed r/GoneWild, features nude pictures volunteered by Reddit users and has more than 1.5 million current subscribers.

Users who posted pictures to the subreddit now risk having their identity revealed if the hack is distributed on the web, effectively turning the leak into a revenge porn database.

“Without a doubt, anonymity is something users used to enjoy, but that is quickly going away due to the fact there have been, in the past two years alone, over 10,000 data breaches,” Siciliano said.

It’s also not enough to deactivate your Reddit account or delete a post, said Sam Small, chief security officer at ZeroFOX, a social media security and digital risk management company.

“Just because you deleted it on Reddit, doesn’t mean it no longer exists. There are plenty of services that cache old Reddit data,” Small said. “That’s not going to unwind time and make it as though you never made that post in the first place.”

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
MORE FROM news