Earlier this week, a number of high-profile communities on social news site Reddit were hacked and defaced. A group calling itself the Nigerian Electronic Army has claimed responsibility.
The list of subreddits that were reportedly hit included the esports gaming forums r/DotA2 and r/LeagueOfLegends, the smartphone discussion group r/Android, and popular general interest subreddits r/pics, r/InternetIsBeautiful, and r/MildlyInteresting.
Here’s what the r/LeagueOfLegends page looked like during the hack:
In a Tuesday post on the r/ModNews subreddit, Reddit system administrator Jason Harvey described how the hack went down:
As you may have noticed yesterday, several big subreddits were defaced. All of the defacements were due to mod accounts being accessed by an attacker. In all cases, the accounts were accessed with a single password try. A very similar break-in event happened late last year. The attacker may have been different, but the target and apparent method were the same. Given the circumstances of the break-in, it is likely that the attacker had access to some outside password list. While there are a variety of ways an attacker may try to acquire a person’s login credentials, exploiting password reuse is the most prevalent and easy attack vector.
Harvey advised moderators to make sure that they’re using strong passwords that aren’t shared across multiple accounts and to take steps to ensure that their personal email addresses and computers are secure.
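The single-try signature Harvey describes is something a site operator can look for in its own authentication logs. The following added example (not Reddit's code and not from the article) flags successful privileged logins that came from a source the account has never used and succeeded without any prior failed attempt from that source, then groups those hits by source address, since one address opening several unrelated moderator accounts without a single miss is what a reused-password list looks like from the defender's side. The event format, account names, IP addresses and the KNOWN_SOURCES baseline are all constructed for the illustration.

```python
from collections import defaultdict

# Constructed sample auth events: (timestamp, account, source_ip, outcome).
SAMPLE_EVENTS = [
    ("2014-04-14T09:00:01", "mod_alice", "203.0.113.7",  "success"),  # usual IP
    ("2014-04-14T09:05:10", "mod_bob",   "198.51.100.2", "failure"),  # new device,
    ("2014-04-14T09:05:14", "mod_bob",   "198.51.100.2", "failure"),  # two typos,
    ("2014-04-14T09:05:20", "mod_bob",   "198.51.100.2", "success"),  # then in: human
    ("2014-04-15T02:10:00", "mod_alice", "192.0.2.44",   "success"),  # new IP, 1st try
    ("2014-04-15T02:11:30", "mod_carol", "192.0.2.44",   "success"),  # same IP, 1st try
    ("2014-04-15T02:12:05", "mod_dave",  "192.0.2.44",   "success"),  # same IP, 1st try
]

# Constructed baseline: source IPs each moderator has previously logged in from.
KNOWN_SOURCES = {
    "mod_alice": {"203.0.113.7"},
    "mod_bob":   {"198.51.100.5"},
    "mod_carol": {"203.0.113.9"},
    "mod_dave":  {"203.0.113.10"},
}


def first_try_logins(events, known_sources):
    """Return (ts, account, ip) for successful logins from a source the account
    has never used before that had no failed attempt from that source first."""
    failed = set()  # (account, ip) pairs that missed at least once
    hits = []
    for ts, account, ip, outcome in sorted(events):  # ISO timestamps sort as text
        key = (account, ip)
        if outcome == "failure":
            failed.add(key)
            continue
        if ip not in known_sources.get(account, set()) and key not in failed:
            hits.append((ts, account, ip))
    return hits


def credential_list_sources(hits, min_accounts=2):
    """Group first-try hits by source IP and keep addresses that opened
    min_accounts or more distinct accounts: the password-list signature."""
    by_ip = defaultdict(list)
    for _, account, ip in hits:
        by_ip[ip].append(account)
    return {ip: accts for ip, accts in by_ip.items() if len(accts) >= min_accounts}


if __name__ == "__main__":
    hits = first_try_logins(SAMPLE_EVENTS, KNOWN_SOURCES)
    for ts, account, ip in hits:
        print(f"{ts} first-try login to {account} from unfamiliar source {ip}")
    for ip, accts in credential_list_sources(hits).items():
        print(f"{ip} opened {len(accts)} accounts without a miss: {accts}")
```

mod_bob's login is not flagged even though it came from a new address, because the two failed tries before it are the trace a person fumbling a password leaves and a pre-built list does not.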
A r/LeagueOfLegends moderator told the Daily Dot that the page was only affected for a few minutes. “We have a very attentive group of mods here,” the moderator explained, “so the attack didn’t stop us for very long at all.”
On a Twitter account claiming to be operated by the organization associated with the hack, the Nigerian Electronic Army claimed to have discovered a zero-day exploit (meaning a previously undiscovered hole in the site’s security system) and was attempting to sell information about it for a price. The going rate was apparently a single bitcoin—about $640 USD at the current market price.
If you were curious, yes, the hackers said they accept Dogecoin.
This tactic, breaching a site’s security and then attempting to sell info on how it was done, isn’t an unheard-of practice in the hacking world. For example, late last year, a Russian hacker who goes by the name “HASH” gained access to a BBC server and then put that info up for sale on an underground hacking forum.
Previous to this hack, there was scant evidence of the Nigerian Electronic Army’s existence anywhere on the Internet. The group’s Twitter account was only created on Monday and its first tweet was advertising the sale of the Reddit exploit.
The group’s name is likely modeled after that of the Syrian Electronic Army, an organization of hackers that has compromised the websites of media outlets ranging from CNN to the Associated Press to the Daily Dot.
As Harvey mentioned in his note, this incident is not the first time hackers have briefly taken over a subreddit. In 2012, shortly after President Obama’s AMA drew newfound national attention to the site, a group of hackers (likely affiliated with the now-banned “game of trolls” community) overtook the r/IAmA subreddit, deleted legitimate posts, and replaced the standard graphics with pornography.
Illustration by Jason Reed