Saudi Arabia has shut down half of its oil production after drones attacked the world's largest oil processing facility in the kingdom.Marketsread more
Yemen's Houthi rebels have claimed responsibility for the attacks, which created a huge fire at a processor essential to global energy supplies.Politicsread more
Oil prices are expected to jump as much as $10 per barrel after a coordinated drone strike hit Saudi Arabia's largest oil field, forcing the kingdom to cut its oil output in...Marketsread more
Trusii's hydrogen water machines were supposed to help users with their health problems, but customers claim the company is involved in a giant scam.Technologyread more
The decoupling of the world's two weightiest economies seems as inescapable as its extent and global impact remains incalculable.Politicsread more
The trucking industry is worth hundreds of billions of dollars per year. Uber is going after this market with Uber Freight, an online platform that matches truckers with...Technologyread more
BlackBerry has reinvented itself to become a leader in securing mobile communications and in embedded communications. Next year it plans to roll out new products. CEO John...Evolveread more
Trailers have become a cult phenomenon. Even short teasers that reveal little about the plot of the upcoming film are headline-worthy. Blogs and forums have become devoted...Entertainmentread more
Thanks to the performance of Beyond Meat, investors who focus on venture-backed tech IPOs have done well this year despite some notable disappointments.Technologyread more
Software company Intuit, maker of tax helper TurboTax, is in its eleventh year of stock gains and up 36% this year.Investingread more
CNBC did a deep dive through the most recent Wall Street research to find stocks with upside potential.Marketsread more
Reddit, one of the most popular sites on the internet, fell victim to a cyberattack in June, the company revealed today, allowing hackers to steal email addresses and passwords of what the company calls a "small number" of users.
The attack happened despite Reddit's use of two-factor authentication, which relies on two separate factors, like a password and an SMS message. In this case, the SMS messages were intercepted, according to the company. The incident will prompt it to move to a stronger "token-based" authentication. Google recently began offering this type of authentication, and says it has successfully been used to ward off attacks like the one Reddit says it fell victim to.
The incident comes at a time when Reddit is trying to change its business model to make money off of its vast audience through targeted advertising, a move that's rankled some members of its community, which have traditionally skewed from support groups to those with shared pornography interests.
Reddit has become one of the five most popular sites on the internet, with more than 330 million monthly visitors, CNBC has previously reported. The company, which raised $200 million at a valuation of $1.8 billion last year, is making a push to sell more advertising in an attempt to reach the kind of business success that other high-traffic social networks, such as Facebook and Twitter, enjoy.
The attack, which took place from June 14 to June 18, was "serious" and the attackers were able to access all Reddit data from "2007 and before" including account credentials and email addresses, according to a company executive posting to the Reddit homepage. The spokesperson, who uses the alias KeyserSosa, is Chris Slowe, the Chief Technology Officer of Reddit, the company confirmed.
Stolen information included "a complete copy of an old database backup containing very early Reddit user data -- from the site's launch in 2005 through May 2007," according to the post. The company also said email digests sent from June 3 and June 17 were accessed.
Most Reddit users will be contacted through private messages or the email address associated with their account, according to the company.
The company has reported the incident to law enforcement and took measures to block "privileged access" to Reddit's systems, according to the statement. Credentials for individuals working with unnamed cloud and source code hosting providers were compromised, the statement said. Attackers not only stole passwords, but intercepted texts to employee smartphones in order to carry out the theft, the statement says.
The incident will lead the company to change from text-based two-factor authentication to token authentication, the spokesperson said.
Two-factor authentication involves individuals getting access to company's systems by at least two different means, by password, and entering a unique code texted via SMS to their smartphone or inserting a smart key device that only the employee holds.
In Reddit's incident, the attackers were able to gain access through the credentials of internal employees, which included deep access to "code and infrastructure," the company said.
"Already having our primary access points ... requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. We point this out to encourage everyone here to move to token-based 2FA," the company said.
The statement strengthens the position of companies like Google and Yubi that both offer token-based authentication for corporations and individuals.
"In other news, we hired our very first Head of Security, and he started 2.5 months ago. I'm not going to out him in this thread for obvious reason, and he has been put through his paces in his first few months," Slowe wrote on the Reddit post. "So far he hasn't quit. On a related note, if you'd like to help out here and have a security background, we actually have a couple of open security roles right now."
Those roles, according to Slowe, include: