Aug. 2 (UPI) — Social discussion website Reddit said a security breach earlier this summer has compromised some users’ accounts, and may threaten their anonymity.
Reddit said in a post Wednesday hackers accessed a database that contained email addresses of users who created accounts between 2005 and 2007, and those who subscribed to its newsletter from June 3-17.
Reddit said the hacker compromised multiple employee accounts on its cloud and source code hosting providers between June 14-18. The website also said the hacker successfully bypassed those accounts’ two-factor SMS authentication — a level of security that usually involves proving a user’s identity by entering a code sent to their cellphone.
“We learned that SMS-based authentication is not nearly as secure as we would hope,” Reddit said in its warning post.
“We’ve been conducting a painstaking investigation to figure out just what was accessed, and to improve our systems and processes to prevent this from happening again.”
It’s unclear exactly how many users might have been affected, but Reddit said it’s notifying the owners of compromised accounts.
The site said although the attack was serious, the hackers were not able to alter Reddit information.
Robert Siciliano, security analyst at online security company Hotspot Shield, said the breach can have serious far-reaching consequences.
“This breach, based on the nature of the information compromised and what some people post on Reddit, could definitely have a negative impact on relationships, employment and other factors,” he told NBC News.
“Without a doubt, anonymity is something users used to enjoy, but that is quickly going away.”
Siciliano compared the 2015 breach of dating website Ashley Madison, which exposed the names and email addresses of more than 36 million account holders. As Ashley Madison promotes extra-relationship affairs, the hack resulted in many divorces and two suicides.