Hacker News new | past | comments | ask | show | jobs | submit login
Reddit has been hacked
4 points by Hrundi on March 14, 2014 | hide | past | favorite | 3 comments
It appears someone is able to change the custom CSS at will for multiple subreddits. He also claims he has access to all reddit accounts and he's selling the 0-day for BTC.

Gaming, AdviceAnimals, fffffuuuu and iama are affected.

For example, try accessing http://reddit.com/r/gaming and you'll see a black screen with the words "Half Life 3 confirmed". Nearly gave me a heart attack.

Code for the full-screen overlay: <form action="#" class="usertext" onsubmit="return post_form(this, 'editusertext')" id="form-t5_2qh03d4n"><input type="hidden" name="thing_id" value="t5_2qh03"><div class="usertext-body"><div class="md"><p><a href="https://twitter.com/officialnea">Half Life 3 confirmed.</a></p> </div> </div></form>

Disabling custom CSS styles in your user settings will do nothing to prevent it.

EDIT: This has been posted by alienth a few days ago: http://www.reddit.com/r/modnews/comments/205tik/mods_are_being_targeted_for_account_breakins_part/




Twitter of person/group claiming the hack: https://twitter.com/OfficialNEA


Access to all Reddit accounts sounds like a huge bluff, they're selling the 0-day for 1BTC according to their Twitter..


They all look fine to me




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: