Defacer teaches r/howtohack how to hack with mass defacement spree
A seemingly benign Twitter pest has popped what they claim is more than 100 Reddit subreddits including those devoted to the upcoming big ticket Battlefield One game, Marvel Studios, Star Wars, and Game of Thrones.
Hugely popular subreddits including pics, and TIFU (today I f**ked up) were also defaced.
In keystrokes of irony the hacker using the handle TehBVM (@TehBVM) popped the subreddit How to Hack.
Their handiwork appears to be limited to defacements in which subreddit cover images and CSS are messed with to display the hacker’s shout outs to other net users.
hack teh pwanet https://t.co/Xiu7bdOG3O
— BVM (@TehBVM) May 7, 2016
The hacker also appears to have offered moderator accounts on the hacked subreddits.
Legitimate moderators have since clawed back control of their subreddits.
r/StarWars: Great, kid.
Don’t get cocky.
No serious black hat activity that would result in compromise of users or disclosure of data appears to have occurred, making the attacks an entertaining lesson in the need for two factor authentication, a security feature that Reddit lacks.
Reddit has flagged two factor authentication as a feature it aspires to implement, but is still to produce a beta.
TehBVM did not reveal how he she or it compromised the accounts but denied it involved brute force attacks.
It is possible the hacker is testing breached passwords against the accounts to pop weak or reused credentials.
The hacker is following in the wake of other Reddit miscreants who have punished the site for its lack of two factor authentication.
Big subreddits have been popped each year from 2013 thanks to poor and reused moderator passwords. ®
Rise of the machines