来自 资讯 2022-04-30 22:00 的文章

ddos高防_云盾网_免费测试

ddos高防_云盾网_免费测试

Reddit reported a data breach this week, and here’s what you need to know.

Social website Reddit announced this week that they suffered a data breach in June. In its official statement, the company calls the breach a "security incident" and provides a detailed account of how it happened.

"On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers," the statement reports. It goes on to admit this was a learning experience in security protocols: "We learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA."

The attacker gained "read only’" privileges in the Reddit system and no "write" privileges, so it could not inject false data or malware onto it. The information was viewed, copied, and stored for potential nefarious use at a later date. Reddit reports the data in question is everything from the website’s inception in 2005 through May 2007, plus "email digests" sent in June 2018. Email digests are essentially pages of recommended content customized to the user through automated logarithms. The company says it has sent informational messages to all users who have been affected.

"I wish all companies were as transparent as Reddit is," comments Avast security evangelist Luis Corrons. "I am impressed that 13 years ago they only stored hashes of salted passwords, as we have seen in some other breaches how companies just store hashes of the original passwords — and in some worse cases passwords, in plain text! Anyway, anyone registered on Reddit should change their password to be on the safe side."

"It does not matter the security measures you have in place," Luis continues. "If an attacker with enough funding goes after you, he will succeed. And this was the case with Reddit. What makes a difference here is the ability to detect the breach. In many cases the victim does not know about the breach until a third party (law enforcement) contacts them or data is leaked. We are talking months or years later. Here Reddit was able to detect the attack within 5 days, stopping the attackers in time to avoid further damage."

If you were a victim of the Reddit data breach, or simply want to take measures to better secure your own data, Avast recommends:

Learn about the latest breaches, the biggest breaches, and what you can do to keep yourself and your information protected with our Avast Data Breach Survival Guide.

On May 2, celebrate World Password Day by leveling up the strength and complexity of these most critical of security measures — your passwords.

Avast security experts explain the basics of staying safe on social media, public Wi-Fi, the internet of things, and more in ways that every parent can understand.

,带cc防御空间,ddos防御20g,服务器防御防止ddos攻击,高防cdn万能,DDOS攻击防御手段