• Phoeniqz@lemmy.dbzer0.comOP
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    From the article:

    We can be pretty sure of what to doesn’t include, and that’s user data such as account details, passwords or payment information. That’s because, from the very start, Reddit made it quite clear that the ‘live’ production systems holding such data were not breached.

    • SickIcarus@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      That’s because, from the very start, Reddit made it quite clear that the ‘live’ production systems holding such data were not breached.

      Because Reddit is known for being forthright and honest…

    • tojikomori@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Yes but note the specific details of that assumption and their reasoning: it’s based on reddit’s announcement of the security incident a few months ago which starts:

      Based on our investigation so far, Reddit user passwords and accounts are safe…

      Now, look again at what BlackCat has promised in this leak:

      Instead, BlackCat is teasing such revelations as “all the statistics they track about their users,” and data concerning how Reddit “silently censors users.”

      80 GB of “statistics and data” about Reddit’s users is a lot. It may not contain raw IP addresses, but we know that IP matching is one of the ways Reddit catches sock puppets, so there may at least be a hash that could be used to identify accounts held by the same users.

      Am I going too far worrying about PMs and other details? Maybe. It really depends on the honesty and competence of BlackCat and Reddit, and the article author’s assumptions based on their statements.