Social media site Reddit is attempting to cover up the scale of a massive data breach that has exposed thousands of its users' real identities.

Reddit, the fourth most popular website in the US, quietly informed its users yesterday that a data breach had leaked user information. However, the actual truth is more disturbing.

Personal email addresses connected to thousands of accounts have been revealed, linking real names with Reddit accounts. This makes their past post history — on a site that sells itself on anonymity — a target that can be scraped to reveal plenty of private, highly personal details.

For years Reddit has encouraged people to openly engage in discussions where they reveal deeply personal details, bare their souls, and post fantasies and kinks. Steve Huffman, the site’s co-founder and CEO, has previously said that “privacy is built into Reddit.” It is the anonymity that Reddit promises that makes the site “more like a conversation one has in real life,” Huffman claims.

This breach originally occurred at TypeForm, but because Reddit required users to enter their usernames on that third-party site, their privacy is now compromised and their real identities have been exposed.

Screenshots of the Reddit announcement regarding the data breach can be seen below:

With credentials being bought and sold on the dark web for serious money, significant breaches – often in the millions, and sometimes including card data – seem to be more and more commonplace.

Based on the data stolen, here are specific types of information that are of value to cybercriminals. According to TrendMicro, hackers search for this data because it can be used to make money by duplicating credit cards and by using personal information for fraud, identity theft, and even blackmail. It can also be sold in bulk in deep web marketplaces.

Member name

Date of birth

Social Security number

Member identification numbers

Email address

Mailing and/or physical address

Telephone numbers

Banking account numbers

Clinical information

Claims information

End users are almost never the target of cybercriminals who are out to steal sensitive information in bulk, unless an individual is connected to an industry (for example, in spear phishing). However, end users can be affected when their records are part of the information stolen from big companies. In such cases, it is best to take note of the following practices.