Cyber Incident Victim: Reddit
Date:
Aug 2020
Location:
United States of America
Summary
Hackers compromised multiple moderator accounts lacking two-factor authentication to deface numerous high-traffic subreddits, replacing content with pro-Trump reelection messages. The affected channels spanned diverse topics including sports leagues, entertainment franchises, cities, and educational forums, collectively reaching tens of millions of subscribers. The platform's security team responded by restoring access and addressing compromised accounts, while an unverified Twitter account claiming responsibility was suspended. This incident followed the platform's earlier removal of a pro-Trump community for harassment and bullying violations, mirroring similar defacements observed in another online gaming platform's user accounts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 7, 2020, Reddit experienced a widespread security incident involving the defacement of numerous subreddits with pro-Trump reelection messages. Attackers compromised moderator accounts across tens of communities, altering subreddit appearances to display political content supporting Donald Trump's campaign. The hack affected high-traffic channels spanning diverse categories, including major sports leagues (r/NFL, r/CFB, r/49ers), entertainment franchises (r/Avengers, r/BlackMirror, r/GameOfThrones), geographic communities (r/Vancouver, r/Dallas, r/Japan), and niche interest groups (r/Lockpicking, r/Beer, r/woodpaneled). Combined subscriber counts across targeted subreddits reached tens of millions. Reddit's security team acknowledged the incident while it was still ongoing and initiated restoration efforts for compromised communities. Initial analysis indicated attackers gained access through moderator accounts lacking two-factor authentication, with multiple moderators confirming their credentials were compromised.
The company directed affected channel owners to report issues through a dedicated ModSupport thread while working to reverse unauthorized changes. A Twitter account claimed responsibility for the hack but was suspended before journalists could verify the claim. This incident occurred approximately six weeks after Reddit banned r/The_Donald, a prominent pro-Trump community, for violations including harassment and threats of violence. The defacement methodology mirrored a late June 2020 incident where attackers compromised over 1,800 Roblox accounts to display similar pro-Trump messages. No data breaches or server compromises were reported in the Reddit incident, with the attack vector appearing limited to moderator account takeovers rather than platform-wide infrastructure penetration. Restoration efforts continued throughout the incident day as Reddit addressed the coordinated campaign targeting community moderation access.