In what appears to be a massive coordinated strike against Reddit, hackers took over dozens of pages on Friday afternoon, using their access to plaster pro-Donald Trump imagery across subreddits with huge followings.
Coming just over three weeks after hackers used access to high-profile Twitter accounts to tweet a bitcoin scam, the wave of Reddit compromises has a similarly eye-popping reach. Reddit communities with well over a million members—including r/space, r/food, and r/NFL—were all defaced with Make America Great Again campaign banners and other pro-Trump signage.
Sometime on Friday morning, hackers began breaking into the accounts of the moderators of dozens of subreddits, ranging from the popular channels cited above to more niche fare like r/beerporn. They used that access not only to splash the pro-Trump imagery all over the page, but in many cases posted a MAGA missive from the moderator’s account with the subject “We Stand With Donald Trump #MIGA2020.”
“We on behalf of the American people want to implore and strongly encourage you all to vote Trump in the 2020 elections of the USA of America,” read one such message, posted to the college football-focused r/cfb. The post goes on to call the novel coronavirus a “hoax,” loosely compares Trump to Batman, and ends on a list of “Ten Things Democrats Did Wrong,” which includes “Nice people are hated by the Democrats” as a bullet point. In the case of r/cfb, the hackers also set the community to private, leaving only an emoji-strewn pro-Trump message on the landing page for those locked out.
“An investigation is underway related to a series of vandalized communities,” said a Reddit spokesperson. “It appears the source of the attacks were compromised moderator accounts. We are working to lock down those accounts and restore impacted communities.”
Hackers attempted to claim credit for the attacks on Twitter, saying that “we combined password stuffing and social engineering together to beat the teenage bitcoin cheater,” an apparent reference to alleged Twitter hack ringleader Graham Ivan Clark, who was arrested last week. Credential stuffing is when attackers use previously leaked passwords to break into accounts made by the same email address, taking advantage of the common human tendency to reuse passwords. Social engineering is a catch-all for ways to trick people into giving you information that helps break into their or someone else’s account; it’s at the heart of many so-called SIM-swap attacks that help hackers get around two-factor authentication.
Claims of hacking credit on Twitter should be taken with hefty boulders of salt, but some combination of password reuse and SIM-swapping could certainly be at the heart of the Reddit hacks. Since the takeovers occurred, Reddit users have been scrambling to figure out what happened, and protect their own accounts. A post published this afternoon by a Reddit community moderator warns people to look for unexpected password reset emails and encourages mods to change their passwords. A post on r/SubredditDrama includes a “Guide to unfucking your subreddit” that initially led off with “#ENABLE TWO-FACTOR AUTHENTICATION,” but was edited to say that some accounts were compromised even with two-factor in place.
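Credential stuffing of the kind described above tends to leave a recognizable pattern in login logs: one source trying many different accounts and mostly failing. The sketch below is an added example, not code from Reddit or from the article; the log format, account names, addresses, and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login log (not real data): time, source IP, account, result.
SAMPLE_LOG = """\
2020-08-07T09:00:01Z 203.0.113.7 mod_alpha FAIL
2020-08-07T09:00:02Z 203.0.113.7 mod_bravo FAIL
2020-08-07T09:00:03Z 203.0.113.7 mod_charlie FAIL
2020-08-07T09:00:04Z 203.0.113.7 mod_delta FAIL
2020-08-07T09:00:05Z 203.0.113.7 mod_echo OK
2020-08-07T09:00:06Z 203.0.113.7 mod_foxtrot FAIL
2020-08-07T09:03:10Z 198.51.100.20 mod_alpha FAIL
2020-08-07T09:03:25Z 198.51.100.20 mod_alpha FAIL
2020-08-07T09:03:40Z 198.51.100.20 mod_alpha OK
2020-08-07T09:05:00Z 192.0.2.44 mod_bravo OK
"""

def parse_events(log_text):
    """Return (ip, account, succeeded) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("OK", "FAIL"):
            continue
        _, ip, account, result = fields
        events.append((ip, account, result == "OK"))
    return events

def stuffing_sources(events, min_accounts=5, max_success_ratio=0.3):
    """IPs that tried many distinct accounts and mostly failed (assumed thresholds)."""
    accounts, attempts, successes = defaultdict(set), defaultdict(int), defaultdict(int)
    for ip, account, ok in events:
        accounts[ip].add(account)
        attempts[ip] += 1
        successes[ip] += ok
    return {ip for ip in attempts
            if len(accounts[ip]) >= min_accounts
            and successes[ip] / attempts[ip] <= max_success_ratio}

def accounts_to_lock(events, sources):
    """Accounts that a flagged source logged in to successfully."""
    return sorted({acct for ip, acct, ok in events if ok and ip in sources})

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    flagged = stuffing_sources(events)
    print("suspected stuffing sources:", sorted(flagged))
    print("lock and reset:", accounts_to_lock(events, flagged))
```

The account owner who mistypes a password twice from a single address is not flagged, because the check keys on the number of distinct accounts per source rather than on failures alone.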
There’s also the possibility, as in the case of the Twitter hacks, that attackers gained access to Reddit’s internal tools. That would help explain the huge scope of the problem, and how the attackers were able to move so quickly across the platform.
At least 70 subreddits experienced issues in all. Many of the subreddits were restored by later in the afternoon, but some victims, including r/GreatBritishBakeOff and r/buffy, remained MAGAtized.
So far the fallout appears to be limited to subreddit vandalism, although presumably the hackers also had access to the affected moderators’ private messages. If password reuse was how the attackers got in, those moderators’ other accounts may be vulnerable, as well.
Fortunately, the clean-up seems relatively straightforward: Once they have control of their subreddits back, moderators need only to revert the changes and delete the uploaded images to put things back to normal.
The MAGA messaging itself is less disturbing than the hackers’ ability to pull off this coordinated stunt in the first place. How worrisome it is, though, depends on whether they hit individual moderators with sloppy passwords, or mounted a more sophisticated assault against Reddit’s internal controls.
And while there’s no reason to believe that the two are connected, the MAGA-laced Reddit hack does come just a little over a month after over a thousand profiles in the online multiplayer game Roblox were hacked to include the phrase, “Ask your parents to vote for Trump this year!”
For now, other than a few lingering subreddits, the attack seems to be under control. We’ll update if and when Reddit shares more details about not just what happened, but how.