According to Reddit’s blog, the site’s official Gmail account — firstname.lastname@example.org — has been broken into. Luckily, it’s just an account for feedback e-mail, so no user data or confidential information has been compromised. Following the security breach, Reddit has changed the feedback e-mail to email@example.com.
From the blog: “We’re in contact with both google’s and twitter’s security team, and the site has not been broken into. All he’s done at this point is ruined everyone’s night. We don’t recycle passwords, and we don’t store passwords in the reddit email. No one’s account has been compromised. We don’t store any confidential information in that account; it is just for feedback email.”
Notice the part where it says that Reddit contacted Twitter’s security team? Yup, Reddit’s Twitter account was linked to the Gmail account, and it also got compromised, but Reddit has recovered it and deleted the tweets posted by the hacker(s).
Of course, the story about the breach reached the top of Reddit, as well, and one commenter asks an interesting question: “Why does Reddit use a Gmail account for this purpose, anyway?” One of the site’s moderators answers: “When we were much, much smaller (no mail server, etc) it was the easiest way for several people to get to the feedback account at the same time, and it stuck.”
So there you have it: as a company grows, it should continually update its security practices; otherwise it might find that certain solutions that were good enough a couple of years ago simply don’t cut it anymore.
Image courtesy of iStockphoto, bunhill