Reddit Experiences Hack Leading to Loss of Bitcoin Cash Tips
Another hack has affected people dealing with cryptocurrencies. This time, the one targeted was Reddit and its email provider. The company admitted that its email provider had been hacked and the attackers wanted to steal Bitcoin Cash tips.
Reddit started an internal investigation after receiving a series of reports talking about breached accounts and Bitcoin Cash tips that were stolen. The reports included complaints from users, who claimed that their Bitcoin Cash funds started to miss. Users claimed that they received some emails notifying them of account and password changes. Soon after, their Bitcoin Cash funds were emptied, users said in their complaints.
Well, according to Reddit, what happened is that a hacker managed to access the platform and breach its third-party password reset system. This way, the hacker gained access to the accounts of many people. The site also clarified that the attacker accessed password recovery emails distributed by Mailgun, a third party provider of software.
Furthermore, Reddit clarified that the attacker was not able to gain access to Reddit's systems or to redditors' email accounts. The company also said that it was working with Mailgun and it will identify all the affected accounts. For the moment, there are only 20 accounts that are known to have been affected by the attack, but Reddit's investigation remains ongoing.
The company revealed in an official post that it first started receiving reports about password reset emails on December 31. Reddit also revealed that the attacker targeted Mailgun directly.
Reddit has taken measures to prevent further attacks
As imagined, Reddit has already taken some precautionary measures to make sure that a similar situation will not happen in the future. What the company did was to reset emails to an in-house mail server. The company also said that it has put in place some additional controls to prevent similar occurrences.
Mailgun also confirmed the incident, but said that it was first informed of the potential hack on January 3. The company also said that it took immediate action.