A hacker has been hijacking Reddit subreddits by defacing them and messing around with CSS to display shoutouts to other users.
The hacker, who goes by the Twitter handle @TehBVM, has been defacing more than 70 subreddits since May 4, including /r/StarWars, /r/GameOfThrones, /r/Pics, /r/Books, /r/Cars, /r/Gay, /r/Battlefied, /r/LosAngelesRams, /r/Arrow, /r/MarvelStudios, /r/Marvel, /r/Autism, /r/CSGOBetting, /r/OutOfTheLoop, /r/Robocraft, /r/HowToHack, r/TIFU, /r/Battlefield_One and more.
TehBVM also played around with popular subreddits, including photos, TIFU (today I f---ed up) and How to Hack, and appeared to have offered moderator accounts on the hacked subreddits.
Real moderators have since regained control of their subreddits, according to the Register.
An example of a defaced message read, "Jacked by @TehBVM. Shoutout to @hackguyishackin, @extradition_, @Doxially, @i_am_V0dka, @hackdeplanet, @3letteragencies, @d0ksi. BEAM ME UP SKOTTY."
There was no black hat activity that would target users or disclosure of private data involved. However, Reddit may want to invest in a security feature with two-factor authentication, which the website plans to implement in the future.
TehBVM did not say how he, she or it hacked into the accounts, but denied using brute force in the attacks. The hacker could just be testing breached passwords against the accounts to exploit weak passwords or credentials that have already been used for other services.
Reddit has responded to the hacked subreddits and restored some of the pages.
"We take the security of our users and moderators seriously, and are working to implement features that will help bolster account safety in the near future," the company said in a statement, according to Bat Blue Networks.
Users and moderators were also asked to change their passwords following the attack.
This is not the first time moderators of the website have been hacked and their subreddits defaced, according to Naked Security.
Two years ago, moderator alienth posted on Reddit that moderators were being targeted for account break-ins after a number of hugely popular subreddits were defaced.
Alienth claimed that Reddit had already looked into adding a type of multi-factor authentication back in March 2014.