SoftBank wants to push Neumann out of the CEO role ahead of the IPO.Technologyread more
The next three weeks are among the rockiest, on a historical basis, of the entire calendar.Trading Nationread more
An annual survey by Piper Jaffray found iPhone users willing to upgrade to newly released models declined compared to last year.Technologyread more
The UK's Civil Aviation Authority said Thomas Cook had now ceased trading and the regulator would work with the government to bring the more than 150,000 British customers...Europe Marketsread more
New York Fed President John Williams said Monday that the central bank acted quickly during last week's jolt to overnight lending markets and that the issue appears resolved...The Fedread more
The holidays are a critical time for many brands, as sales during this time of year can make up 30% of a retailers annual sales. Heading into the gift-giving season, shoppers...Retailread more
The U.S. manufacturing sector recovered in September with activity growth hitting a five-month high, according to IHS Markit.Marketsread more
Microsoft is looking for a new way to grab business from retailers as they fend off Amazon.Technologyread more
Banks have historically used armies of mortgage brokers to gather income and asset documents from prospective borrowers.Financeread more
On Sunday, the 71st Primetime Emmy Awards honored the best comedies, dramas, limited and variety series from the last year.Entertainmentread more
Guggenheim reiterates its buy rating on Boston Beer's stock and raises its price target to $462 from $449 per share.Investingread more
Reddit, one of the most popular sites on the internet, fell victim to a cyberattack in June, the company revealed today, allowing hackers to steal email addresses and passwords of what the company calls a "small number" of users.
The attack happened despite Reddit's use of two-factor authentication, which relies on two separate factors, like a password and an SMS message. In this case, the SMS messages were intercepted, according to the company. The incident will prompt it to move to a stronger "token-based" authentication. Google recently began offering this type of authentication, and says it has successfully been used to ward off attacks like the one Reddit says it fell victim to.
The incident comes at a time when Reddit is trying to change its business model to make money off of its vast audience through targeted advertising, a move that's rankled some members of its community, which have traditionally skewed from support groups to those with shared pornography interests.
Reddit has become one of the five most popular sites on the internet, with more than 330 million monthly visitors, CNBC has previously reported. The company, which raised $200 million at a valuation of $1.8 billion last year, is making a push to sell more advertising in an attempt to reach the kind of business success that other high-traffic social networks, such as Facebook and Twitter, enjoy.
The attack, which took place from June 14 to June 18, was "serious" and the attackers were able to access all Reddit data from "2007 and before" including account credentials and email addresses, according to a company executive posting to the Reddit homepage. The spokesperson, who uses the alias KeyserSosa, is Chris Slowe, the Chief Technology Officer of Reddit, the company confirmed.
Stolen information included "a complete copy of an old database backup containing very early Reddit user data -- from the site's launch in 2005 through May 2007," according to the post. The company also said email digests sent from June 3 and June 17 were accessed.
Most Reddit users will be contacted through private messages or the email address associated with their account, according to the company.
The company has reported the incident to law enforcement and took measures to block "privileged access" to Reddit's systems, according to the statement. Credentials for individuals working with unnamed cloud and source code hosting providers were compromised, the statement said. Attackers not only stole passwords, but intercepted texts to employee smartphones in order to carry out the theft, the statement says.
The incident will lead the company to change from text-based two-factor authentication to token authentication, the spokesperson said.
Two-factor authentication involves individuals getting access to company's systems by at least two different means, by password, and entering a unique code texted via SMS to their smartphone or inserting a smart key device that only the employee holds.
In Reddit's incident, the attackers were able to gain access through the credentials of internal employees, which included deep access to "code and infrastructure," the company said.
"Already having our primary access points ... requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA," the company said.
The statement strengthens the position of companies like Google and Yubi that both offer token-based authentication for corporations and individuals.
"In other news, we hired our very first Head of Security, and he started 2.5 months ago. I'm not going to out him in this thread for obvious reason, and he has been put through his paces in his first few months," Slowe wrote on the Reddit post. "So far he hasn't quit. On a related note, if you'd like to help out here and have a security background, we actually have a couple of open security roles right now."
Those roles, according to Slowe, include: