Reddit massive hack: hackers defaced channels with pro-Trump messages

Reddit suffered a massive hack, threat actors compromised tens of Reddit channels and defaced them showing messages in support of Donald Trump’s campaign.

Reddit suffered a massive hack, threat actors defaced tens of channel to display messages in support of Donald Trump’s reelection campaign.

At the time of writing, the massive hack is still ongoing and Reddit’s security team is working to restore the operations.

Below a list containing some of the impacted subreddits, some of them having tens of millions of members:

• r/NFL
• r/CFB (Canadian Football League)
• r/TPB (The Pirate Bay’s Reddit channel)
• r/BlackMirror (TV show)
• /r/Buffy (TV show)
• r/Avengers (Movie franchise)
• r/Vancouver (city)
• r/Dallas (city)
• r/Plano (city)
• r/Japan
• r/Gorillaz (music band)
• r/Podcasts
• /r/Disneyland
• r/49ers (NFL team)
• /r/BostonCeltics (NBA team)
• r/Leafs (Toronto Mapple Leafs)
• /r/EDM (electronic dance music channel)
• /r/Food
• r/Beer
• r/Renting
• r/Lockpicking
• r/Subaru (car maker)
• r/freefolk (Game of Thrones fan channel)
• r/Space
• r/ISS
• r/DestinyTheGame (video game)
• r/LawSchool
• r/StartledCats
• r/TheDailyZeitgeist
• r/Supernatural
• /r/Naruto
• /r/RupaulsDragRace
• r/GRE
• r/GMAT
• r/greatbritishbakeoff
• r/11foot8
• r/truecrimepodcasts
• r/comedyheaven
• r/weddingplanning
• r/Chadsriseup
• r/BertStrips
• r/KingkillerChronicle (book series)
• r/PoliticalDiscussion
• r/MadLads
• r/DNDMemes
• r/woodpaneled
• r/telescopes
• r/WeAreTheMusicMakers
• r/DeTrashed
• r/Samurai8
• r/3amjokes
• r/ANGEL
• r/PhotoshopBattles
• r/Animemes
• r/comedyheaven/
• r/awwducational
• r/gamemusic
• r/hentaimemes
• r/ShitAmericansSay
• r/ShitPostCrusaders
• r/SweatyPalms
• r/Locklot
• r/BadHistory
• r/CrewsCrew/
• r/ListenToThis
• r/PokemonGOBattleLeague
• r/FacingTheirParenting
• r/TwoSentenceHorror
• r/BookSuggestions
• r/FreezingFuckingCold/
• r/woof_irl
• r/BurningAsFuck
• r/ImagineThisView
• r/AnotherClosetAtheist
• r/CasualTodayILearned
• r/ShowerBeer
• r/TookTooMuch
• r/DallasProtests/
• r/BannedFromClubPenguin
• r/creepyPMs
• r/RedditDayOf
• r/AquaticAsFuck
• r/HeavyFuckingWind/
• r/BlackPeopleTwitter
• r/HuskersRisk
• r/Fireteams/
• r/LuxuryLifeHabits
• r/IRLEasterEggs
• r/nononono
• r/nonononoyes
• r/ThatsInsane

According to Reddit, the hacker compromised several subreddit moderator accounts.

Owners of the channel that are facing security issues could report problems in this Reddit ModSupport thread, meantime they are recommended to enable two-factor authentication (2FA) on their accounts and to change their passwords.

Indicators of compromise for the Reddit moderator accounts are:

• moderator received email notification that the password and/or email address on your account changed but you didn’t request changes
• moderator notice authorized apps on your profile that you don’t recognize
• moderator notice unusual IP history on your account activity page
• moderator see votes, posts, comments, or moderation actions that you don’t remember making, or private messages that you don’t remember sending

One of the moderators who had their account compromised published the details of the actions performed by attackers on his behalf.

“Help! I’ve been hacked by some bizarre pro-trump bot! It wrecked my subreddit’s style sheet, deleted all mods below me, updated the wiki… I’m in way over my head. What can I do? PSA: Change your passwords and enable 2-factor authentication!” reads the title of the discussion.

Once the attacker has taken the control of the mod’s account, he changed his subrreddit’s CSS stylesheet, deleted all mods with fewer permissions than him, and changed the community’s wiki.

Finally, the hacker published the message: “We Stand With Donal Trump #MIGA2020.”

The Twitter account https://twitter.com/advanceHCAjobs claimed responsibility for the massive Reddit hack, but currently, the account was suspended. While the hackers were targeting subreddits, they asking Twitter users to vote on them.

In June, Reddit has banned a channel of President Trump supporters, r/The_Donald, after he received reports of harassment, bullying, and threats of violence.

Pierluigi Paganini

(SecurityAffairs – hacking, Trump)

[adrotate banner=”5″]

[adrotate banner=”13″]