Reddit revealed it had been hacked between June 14 and June 18, when its storage systems were accessed. The company suspects that SMS-based 2FA (two factor authorization) was the root cause of the incident, claiming that the main attack was via SMS intercept. User data accessed was all Reddit data from 2005 to 2007, including usernames, salted hashed passwords and email addresses, as well as email digests sent by Reddit in June 2018, which connect a username to the associated email address. Other data was accessed as well, including Reddit source code, internal logs, configuration files and other employee workspace files. The company specified hackers didn’t get write access to Reddit system and no data was altered, but will prompt users affected to change their passwords.