In a statement published to the site, Reddit informed its users that it learned on June 19 that an attacker had gained access to the data through the company’s cloud after compromising some employee accounts sometime between June 14-18. Although the breach was described as being “serious,” it was mainly limited to data, including emails and scrambled passwords, prior to 2007. The hacker did not gain write access to its systems, meaning they were unable to alter Reddit information.

“Now that we’ve concluded our investigation sufficiently to understand the impact, we want to share what we know, how it may impact you, and what we’ve done to protect us and you from this kind of attack in the future,” the site said.

Reddit encourages users to change their passwords if they are similar to those they had in 2007 and to enable token-based two-factor authentication as the hackers reached its systems through SMS intercept.

“We learned that SMS-based authentication is not nearly as secure as we would hope,” said Reddit.

The hacker might have also obtained emails through digests it sent in early June, according to the statement. If so, Reddit users could be potentially robbed of their anonymity if usernames are connected to emails. A user pointed out in the comment section that if privacy is a concern, affected users should delete any “incriminating” posts they could otherwise be traced back to.