Reddit massive hack: hackers defaced channels with pro-Trump messages

Reddit suffered a massive hack, threat actors compromised tens of Reddit channels and defaced them showing messages in support of Donald Trump’s campaign.

Reddit suffered a massive hack, threat actors defaced tens of channel to display messages in support of Donald Trump’s reelection campaign.

At the time of writing, the massive hack is still ongoing and Reddit’s security team is working to restore the operations.

Below a list containing some of the impacted subreddits, some of them having tens of millions of members:

r/NFL
r/CFB (Canadian Football League)
r/TPB (The Pirate Bay’s Reddit channel)
r/BlackMirror (TV show)
/r/Buffy (TV show)
r/Avengers (Movie franchise)
r/Vancouver (city)
r/Dallas (city)
r/Plano (city)
r/Japan
r/Gorillaz (music band)
r/Podcasts
/r/Disneyland
r/49ers (NFL team)
/r/BostonCeltics (NBA team)
r/Leafs (Toronto Mapple Leafs)
/r/EDM (electronic dance music channel)
/r/Food
r/Beer
r/Renting
r/Lockpicking
r/Subaru (car maker)
r/freefolk (Game of Thrones fan channel)
r/Space
r/ISS
r/DestinyTheGame (video game)
r/LawSchool
r/StartledCats
r/TheDailyZeitgeist
r/Supernatural
/r/Naruto
/r/RupaulsDragRace
r/GRE
r/GMAT
r/greatbritishbakeoff
r/11foot8
r/truecrimepodcasts
r/comedyheaven
r/weddingplanning
r/Chadsriseup
r/BertStrips
r/KingkillerChronicle (book series)
r/PoliticalDiscussion
r/MadLads
r/DNDMemes
r/woodpaneled
r/telescopes
r/WeAreTheMusicMakers
r/DeTrashed
r/Samurai8
r/3amjokes
r/ANGEL
r/PhotoshopBattles
r/Animemes
r/comedyheaven/
r/awwducational
r/gamemusic
r/hentaimemes
r/ShitAmericansSay
r/ShitPostCrusaders
r/SweatyPalms
r/Locklot
r/BadHistory
r/CrewsCrew/
r/ListenToThis
r/PokemonGOBattleLeague
r/FacingTheirParenting
r/TwoSentenceHorror
r/BookSuggestions
r/FreezingFuckingCold/
r/woof_irl
r/BurningAsFuck
r/ImagineThisView
r/AnotherClosetAtheist
r/CasualTodayILearned
r/ShowerBeer
r/TookTooMuch
r/DallasProtests/
r/BannedFromClubPenguin
r/creepyPMs
r/RedditDayOf
r/AquaticAsFuck
r/HeavyFuckingWind/
r/BlackPeopleTwitter
r/HuskersRisk
r/Fireteams/
r/LuxuryLifeHabits
r/IRLEasterEggs
r/nononono
r/nonononoyes
r/ThatsInsane

According to Reddit, the hacker compromised several subreddit moderator accounts.

Owners of the channel that are facing security issues could report problems in this Reddit ModSupport thread, meantime they are recommended to enable two-factor authentication (2FA) on their accounts and to change their passwords.

Indicators of compromise for the Reddit moderator accounts are:

• moderator received email notification that the password and/or email address on your account changed but you didn’t request changes
• moderator notice authorized apps on your profile that you don’t recognize
• moderator notice unusual IP history on your account activity page
• moderator see votes, posts, comments, or moderation actions that you don’t remember making, or private messages that you don’t remember sending

One of the moderators who had their account compromised published the details of the actions performed by attackers on his behalf.

“Help! I’ve been hacked by some bizarre pro-trump bot! It wrecked my subreddit’s style sheet, deleted all mods below me, updated the wiki… I’m in way over my head. What can I do? PSA: Change your passwords and enable 2-factor authentication!” reads the title of the discussion.

Once the attacker has taken the control of the mod’s account, he changed his subrreddit’s CSS stylesheet, deleted all mods with fewer permissions than him, and changed the community’s wiki.

Finally, the hacker published the message: “We Stand With Donal Trump #MIGA2020.”

The Twitter account https://twitter.com/advanceHCAjobs claimed responsibility for the massive Reddit hack, but currently, the account was suspended. While the hackers were targeting subreddits, they asking Twitter users to vote on them.

Source BleepingComputer

In June, Reddit has banned a channel of President Trump supporters, r/The_Donald, after he received reports of harassment, bullying, and threats of violence.

Pierluigi Paganini

(SecurityAffairs – hacking, Trump)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.