Is there any information on what kind of data they stole?
It’s a public forum with a lot of public data, it makes no sense that they negotiate about data that is already public.
Well, assuming that this is even directly related to the forum, as opposed to, say, email logs from the Reddit internal email server or something, things that might not be public:
Private messages between users.
Browsing data. I mean, maybe a user only posts on /r/politics, and that’s public, but spends a lot of time browsing /r/femdom or whatever.
IP addresses of users. Might be able to associate multiple accounts held by a user.
Passwords. While hopefully stored in a salted and hashed format, so they can’t be simply trivially obtained, they can still be attacked via dictionary attacks, which is why people are told not to use short and predictable passwords.
Email addresses (if a user registered one)
Reddit has some private chat feature that I’ve never used, which I imagine is logged.
Is there any information on what kind of data they stole? It’s a public forum with a lot of public data, it makes no sense that they negotiate about data that is already public.
Well, assuming that this is even directly related to the forum, as opposed to, say, email logs from the Reddit internal email server or something, things that might not be public:
Private messages between users.
Browsing data. I mean, maybe a user only posts on /r/politics, and that’s public, but spends a lot of time browsing /r/femdom or whatever.
IP addresses of users. Might be able to associate multiple accounts held by a user.
Passwords. While hopefully stored in a salted and hashed format, so they can’t be simply trivially obtained, they can still be attacked via dictionary attacks, which is why people are told not to use short and predictable passwords.
Email addresses (if a user registered one)
Reddit has some private chat feature that I’ve never used, which I imagine is logged.
Reddit used to be open source and the password was hashed using bcrypt.