• by Ray Schultz , January 5, 2018

A bad actor has accessed Reddit’s email data by hacking its automated email service Mailgun. However, the damage appears to be minimal.

According to the Next Web, quoting engineer u/gooeyblob, “a malicious actor targeted Mailgun and gained access to Reddit’s password resent emails.” Reddit users complained of “Missing Bitcoin Cash Tips,” The Next Web continues.

Reddit took immediate measures and moved reset emails to an in-house servicer. Less than 20 accounts were compromised.

For its part, Mailgun became aware on January 3 "of an incident in which a customer’s API key was compromised and immediately began diagnostics to help determine the cause and the scope of impact," it writes in a post. 

"At that point in time, we were able to determine that the root cause was due to a Mailgun employee’s account being compromised by an unauthorized user. We immediately closed the point of access to the unauthorized user and deployed additional technical safeguards to further protect this sensitive portion of our application."

The company continues that it has "completed its diagnostic of accounts that were affected and has notified each of the affected users. At this time, we believe less than 1% of our customer base was potentially affected."

The company has engaged a third-party security team to complete an additional audit and validate its findings, it adds.