• gentleman@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    @Phoeniqz If Reddit is only announcing the hack now then that is very likely going to be a legal problem in a number of US jurisdictions, not to mention EU and others.

      • dismalnow@kbin.social
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        @Phoeniqz

        @gentleman

        My read was that BlackCat only got non-prod data. So perhaps it’s sourcecode.

        In which case… they’ve likely got nothing of value other than the code used to track users.

        • gentleman@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          @dismalnow having the code out there that Reddit uses to track accounts doesn’t give me warm fuzzies. I’m not a technical guy but it seems that it would be better if that code had not been hacked and put in the hands of people with malicious intent. I have to defer to others on whether the hack compromises Reddit users’ security.

          • dismalnow@kbin.social
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            @gentleman

            it would be better if that code had not been hacked and put in the hands of people with malicious intent.

            And if a frog had wings…

            Now that it’s out, it’s best for affected parties to try to determine if immediate action is required to reduce damage to themselves via reddit’s mistake - and all we have is a preliminary, and likely heavily redacted report from the company foolish enough to have allowed itself to get hacked.

            So far the information points to non-production data. But the truth is that nobody knows the full scope of egressed data until BlackCat proves it, or reddit runs the fastest penetration forensics team EVER.

            Therefore, it’s unlikely to be user information of substance unless you e been uploading photos of your taint, connected your work email address, and have pm’d your credit card number to people.