by ramses0 3093 days ago
This is a new class of attack. Instead of spear-phishing, it's spear-hacking.

It looks like the target was "bitcoin-ish tipped into /u/someredditor" and the hack/vuln was "intercept mail password resets in order to auth account in order to snatch crypto-currency".

i.e.: most people's reddit accounts (IMHO) are on the "not that important" end of the scale of password protection. (Personal Email/Financial => Work => Medium Security [facebook, amazon, etc] => Low Security [discussion forums])

It's another way of saying that I would expect phpBB or reddit or pinterest to have lower password/server security than my gmail or bank websites.

However, because reddit is relatively high profile, and there was mixing of "cash and reddit", all of a sudden not just reddit was the target of a hacking attack, but also reddit's 3rd party service providers.

I can choose to use reddit or not, but I can't choose that reddit uses or doesn't use some other random service provider that may or may not be vulnerable.

1 comments

"I can choose to use reddit or not, but I can't choose that reddit uses or doesn't use some other random service provider that may or may not be vulnerable." Which is similar to the same problem we all face of "I can choose to work for company x" but I can't choose that they farm out background checks, HR, payroll, benefits etc. to random companies that may or may not be secure.