Cyber Incident Victim: Reddit
Date: May 2016
Location: United States of America
Summary
A hacker compromised numerous subreddits by hijacking moderator accounts through reused credentials from prior breaches, exploiting the platform's lack of two-factor authentication. The attacker removed legitimate moderators, defaced communities by altering CSS styles, and posted messages claiming credit alongside shoutouts to associates. High-profile subreddits affected included those dedicated to entertainment franchises, gaming, cities, and niche interests. The attacker was motivated by a desire to emulate a previous incident in which another hacker similarly defaced gaming team subreddits. Moderators confirmed weak password practices across multiple sites, enabling credential reuse. The hacker publicly shared links to compromised communities while evading administrative countermeasures.
Description
In early May 2016, a hacker operating under the alias BVM (@TehBVM) launched a series of unauthorized takeovers targeting multiple Reddit subreddits. The attacks began around May 4, when BVM publicly referenced an earlier incident in which another hacker, @TheVoxi, had defaced subreddits belonging to professional gaming teams (TSM, CLG, Team Liquid, and Cloud9). Inspired by this, BVM escalated the activity by systematically hijacking dozens of subreddits over the following week. The compromised communities included high-profile forums such as /r/StarWars, /r/GameOfThrones, /r/Pics, /r/Books, /r/MarvelStudios, /r/Battlefield_One, /r/Cars, /r/Gay, /r/Autism, and /r/TIFU, among others. Upon gaining access, BVM removed existing moderators, altered subreddit CSS styles, and posted defacement messages reading "Jacked by @TehBVM" alongside shoutouts to other Twitter accounts. The hacker documented these actions in real time on Twitter, initially sharing links to defaced subreddits but later ceasing public notifications to evade Reddit administrators.

The attacker exploited reused credentials from public data breaches rather than brute-force methods, as confirmed by BVM's statements and moderators' admissions of password reuse across multiple sites. Reddit's lack of two-factor authentication at the time left compromised accounts vulnerable to takeover. The incident disrupted normal operations across affected subreddits, requiring Reddit administrators to intervene and restore moderator access. No permanent data loss or systemic platform compromise was reported, but the scale of the hijackings—spanning entertainment, gaming, lifestyle, and support communities—highlighted risks associated with weak authentication practices. Moderators were advised to adopt unique, strong passwords as the primary mitigation, though no immediate changes to Reddit’s security infrastructure were detailed in public disclosures following the attacks.
