Dozens of discussion groups on Reddit, including those devoted to the National Football League, the San Francisco 49ers, and the Gorillaz, were hit Friday morning in a mass takeover spree that used the subreddits to spread messages promoting President Trump.
The hijacked subreddits had tens of millions of members between them. The 148,000-member subreddit Supernatural, dedicated to the TV show of the same name, was defaced with pro-Trump images and slogans. Reddit staff have since restored the moderator account to its rightful owner. The image above shows how the subreddit was displayed while the takeover was still active. The takeovers came five weeks after Reddit banned r/The_Donald, a premier forum for fans of the President, along with hundreds of other unrelated subreddits for violating recently rewritten content rules.
Reddit staff published a post titled "Ongoing Incident with Compromised Mod Accounts". In it, staff warned that moderator accounts had been compromised and used to deface subreddits. Moderators of affected subreddits were asked to report them in the replies. At the time of this posting, the list of reported subreddits included:
For a larger list of subreddits that have been reported as at risk, see the Incident Report linked above.
Reddit is investigating
Reddit officials made the following statement: "Investigations are underway into a number of defaced communities. It appears that the source of the attacks was compromised moderator accounts. We are working on suspending these accounts and restoring affected communities."
The statement did not answer a question about the total number of subreddits affected. The company also did not respond to my inquiry about how those responsible for the hijackings carried them out. In an update released after this Ars article was published, Reddit employees said that none of the compromised accounts were protected by two-factor authentication. Without 2FA, a password that had been compromised elsewhere and reused on Reddit would be enough for attackers to take over an account.
Several readers reported receiving internal server errors when trying to enroll their accounts in 2FA. Others said that after enabling 2FA they could no longer see notifications or start private conversations. Other users complained that 2FA blocks or interferes with their ability to use scripts to manage subreddits.
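The point Reddit's update makes is worth seeing concretely: once a reused password shows up in a third-party breach dump, a login that checks only that password falls to credential stuffing, while the same login with an RFC 6238 time-based one-time code enrolled does not. The following is an added example and not Reddit's code or any code from the original article; it implements HOTP/TOTP directly on top of the standard library and verifies against the published RFC test vectors. The moderator account, its reused password, and the breach dump are all constructed for the illustration.

```python
"""Password-only login versus password + TOTP, against a replayed breach dump.

Added example, not Reddit's code. The account, the password and the breach
dump below are constructed for illustration only.
"""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Optional

TOTP_STEP = 30  # seconds per RFC 6238 time step
RFC_SECRET = b"12345678901234567890"  # shared secret used in the RFC 4226/6238 test vectors


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current 30-second time step."""
    return hotp(secret, int(unix_time) // TOTP_STEP, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the choice of KDF is the example's, not Reddit's."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    name: str
    salt: bytes
    password_hash: bytes
    totp_secret: Optional[bytes] = None  # None means 2FA was never enrolled


def login(acct: Account, password: str, otp: Optional[str], now: int, window: int = 1) -> bool:
    """Check the password; if 2FA is enrolled, also require a TOTP code within +/- `window` steps."""
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.password_hash):
        return False
    if acct.totp_secret is None:
        return True  # no second factor: the (possibly reused) password alone is sufficient
    if otp is None:
        return False
    for skew in range(-window, window + 1):
        expected = totp(acct.totp_secret, now + skew * TOTP_STEP)
        if hmac.compare_digest(expected, otp):
            return True
    return False


# Constructed data: a hypothetical moderator who reused a password that later
# turned up in an unrelated site's breach dump (both invented for this example).
REUSED_PASSWORD = "gorillaz2005!"
BREACH_DUMP = ["Password1", "letmein", REUSED_PASSWORD, "hunter2"]


def make_mod_account(enable_2fa: bool) -> Account:
    """Hypothetical moderator account; the TOTP secret is the RFC test secret so results are reproducible."""
    salt = os.urandom(16)
    secret = RFC_SECRET if enable_2fa else None
    return Account("example_mod", salt, hash_password(REUSED_PASSWORD, salt), secret)


def credential_stuffing(acct: Account, now: int) -> bool:
    """Replay every password from the dump; the attacker holds no authenticator, so no OTP is supplied."""
    for candidate in BREACH_DUMP:
        if login(acct, candidate, otp=None, now=now):
            return True
    return False


if __name__ == "__main__":
    now = 1111111109  # fixed clock from the RFC 6238 test vectors (TOTP = 081804)
    print("no 2FA, breach dump replayed  ->", credential_stuffing(make_mod_account(False), now))
    acct = make_mod_account(True)
    print("2FA, breach dump replayed     ->", credential_stuffing(acct, now))
    print("2FA, owner with authenticator ->", login(acct, REUSED_PASSWORD, totp(RFC_SECRET, now), now))
```

The `window` argument accepts the codes for the previous and next 30-second step, which is the usual allowance for clock drift between server and authenticator; a real deployment would also rate-limit OTP attempts and record used codes so one cannot be replayed inside its step.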
Tweets from a Twitter account that also appeared to be compromised took responsibility for the mass takeovers of the Reddit accounts. The person controlling the Twitter account claimed the compromised accounts used weak passwords. The claims could not be confirmed immediately. Twitter later suspended the account, and company representatives didn't immediately return an email asking why.
At the time of this writing, most or all of the affected accounts appeared to have been either restored to their previous state or suspended for violating the Terms of Service.
Friday's incident came three weeks after hackers hijacked Twitter accounts belonging to celebrities, executives and other high-profile users and tweeted links to a Bitcoin scam to tens of millions of followers. Twitter has since said the attackers gained access to its internal systems after an employee was tricked by a phone-based phishing attack. Prosecutors have accused a 17-year-old of being the mastermind behind the stunt.