The hacker targeted third-party vendor Mailgun to intercept password reset emails.
After several users in the r/btc channel reported receiving password reset emails, along with confirmation of the resets, despite not initiating them, Reddit decided to investigate and found that there was, indeed, a hack.
The Reddit announcement says that the hacker managed to intercept password reset emails through its third-party provider, Mailgun. According to Mailgun’s statement, the hacker first gained access to an employee’s account.
“At that point in time, we were able to determine that the root cause was due to a Mailgun employee’s account being compromised by an unauthorized user. We immediately closed the point of access to the unauthorized user and deployed additional technical safeguards to further protect this sensitive portion of our application.”
The r/btc channel has a tipbot called Tippr (u/tippr) which allows users to tip other users for comments, if they deem that an upvote is not enough. This then transfers a certain amount of Bitcoin Cash (BCH) from the tipper’s wallet to the commenter’s. Some of these BCH wallets connected to the tipbot were robbed.
The hacker also took over moderator u/todu’s account and made several changes to the channel, such as changing the stylesheet to point to r/bitcoin, the channel for legacy chain BTC, which has been in constant rivalry with Bitcoin Cash.
Reddit infrastructure leader u/gooeyblob says that the estimated number of affected accounts is low, and that the issue has been resolved.
“We are continuing to work with Mailgun to make sure we have identified all impacted accounts. At this time, the overall number of confirmed impacted users is less than twenty. For those affected, we have resolved the issue and assisted in account recovery.”
Those who are affected would have received a notification email from Mailgun and are advised to take precautionary measures.
“If you were notified that your account was affected, we advise that you do the following to protect your account from unauthorized access:
1) Rotate your Mailgun API keys (click here for more info on how this process works)
2) Change your SMTP username and passwords (this article shows you where to manage your SMTP credentials)”.