I seriously doubt he individually looked up comment ids and updated them with database commands.

And if he did this for "about an hour" as he said, he clearly didn't use ... WHERE content='fuck u/spez'

It seems likely there's code in the front end that gives him the ability to edit user's comments in his browser. That should not exist.

He probably just scripted it. There doesn't need to be any default functionality for it, if you know how the database works.

Do you honestly believe that they didn't have existing tools for this?

Instead, the CEO logged into the production DB and manually edited individual comments there?

Give them some credit, surely even Reddit staff aren't that terrible.

You know what I have just considered....

Recall when they were trying to sell "social media influencing" services to STRATFOR? [0] [1]

What tools did they create for that "product";

* An astroturfing account mgmt platform? Mass comment editing tool?

* Deep comment search tool?

* comment-graph showing cross /r/ posts by a user to develop a profile of the person?

* Tools to seek out what users from reddit were which users on FB, Google+, Youtube etc.

These all above are just the most obvious off the top of my head.

The schema for reddit comments is (at least when I last looked at it) is fairly simple and it would be easy to create such tools against that data.

Are there any third party services that allow for this.

Especially if you think about DLing the comment blob and then do these retroactively against all comments in the past to graph out the personal-profiles of each user....

BRB, need to head out to get more tin-foil.... for the Turkey! not, /r/conspiracy

[0] https://www.reddit.com/r/subredditcancer/comments/3818ti/nev...

[1] https://www.reddit.com/r/The_Donald/comments/5a3ofc/we_were_...

Dude I didn't know this. Thank you so much for sharing. Wtf.

BTW next time add link to source instead of cancerous subreddits.

https://search.wikileaks.org/gifiles/?viewemailid=282044

I don't know how things would work with a larger database such as reddit as I never worked on one. But I imagine if he had access to the database, he can just go in and change the comment on the database without writing any special program for it. I know reddit uses Postgre and that has a function that lets you go in and change field values.

Really, when you think about it, changing user comments would probably be a really easy undertaking for any forum administrator with access to the database.

The leaked slack chat shows him saying he went directly into the DB with DB commands.

Operationally, the CEO should probably not have write access to a master DB.

the CEO is one of the original developers as I understand it, which is probably why he has access to it. but you are right, he should not have it

So since the founding of Reddit in 2005 and now—we're expected to believe that Reddit hasn't hired a single security expert, engineer or otherwise which has rightfully removed any unnecessary access to user data? This seems incredible to me.