Dozens of discussion groups on Reddit—including those dedicated to the National Football League, the San Francisco 49ers, and the Gorillaz—were hit in a Friday morning mass takeover spree that used the subreddits to spread messages promoting President Trump.
The hijacked accounts had tens of millions of combined members. The 148,000-member subreddit Supernatural, dedicated to the TV show by the same name, was emblazoned with pro-Trump images and slogans. Reddit personnel have since restored the moderator account to its rightful owner. The image above is how the subreddit appeared when the takeover was still active. The takeovers came five weeks after Reddit banned /r/The_Donald, a leading forum for fans of the president, and hundreds of other unrelated subreddits for violating recently rewritten content rules.
Reddit personnel published this post captioned, “Ongoing incident with compromised mod accounts.” Reddit personnel then warned that moderator accounts were being compromised and used to vandalize subreddits. It asked moderators of affected subreddits to report them in responses. At the time this post when live, the list of reported subreddits included:
A larger list of subreddits reported as compromised is available at the incident report linked above.
Reddit officials issued the following statement: “An investigation is underway related to a series of vandalized communities. It appears the source of the attacks were compromised moderator accounts. We are working to lock down those accounts and restore impacted communities.”
The statement didn’t answer a question seeking the total number of affected subreddits. The company also didn’t respond to my inquiry on how those responsible for the hijackings carried them out. In an update, published after this Ars article went live, Reddit personnel said that none of the compromised accounts were protected by two-factor authentication. Without the benefit of 2FA, compromised passwords that are reused on Reddit would be enough for attackers to access the accounts.
Several readers reported that they were receiving internal server errors when trying to enroll their accounts in 2FA. Others said after enabling 2FA they were no longer able to see notifications or start private conversations. Other users, meanwhile, complained that 2FA blocks or interferes or with their ability to use scripts that they use to manage subreddits.
Tweets from a Twitter account that appeared to also be compromised took responsibility for the mass Reddit account takeovers. The person controlling the Twitter account claimed the compromised accounts used weak passwords. The claims couldn’t immediately be confirmed. Twitter later suspended the account, and company representatives didn’t immediately return an email asking why.
At the time this post went live, most or all of the affected accounts appeared to have been either restored and reverted back to their previous condition or banned for terms of service violations.
Friday’s incident comes three weeks after hackers hijacked the accounts of celebrities, executives, and celebrities and tweeted links to a bitcoin scam to tens of millions of followers. Twitter has since said it lost control of its internal systems after an employee was tricked by a phone-based phishing attack. Prosecutors have charged a 17-year-old with being the mastermind behind the stunt.