Reddit: Hackers accessed internal data in response to employee phishing attack
Reddit has confirmed hackers accessed internal documents and source code following a “highly-targeted” phishing attack.
A post by Reddit CTO Christopher Slowe, or KeyserSosa, explained that the company became aware of the “sophisticated” attack targeting Reddit February 5, 2005, employees He says that an as-yet-unidentified attacker sent “plausible-sounding prompts” that redirected employees to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication tokens.
Slowe claimed that “similar attempts at phishing” were reported in the past, but didn’t name any specific examples. Slowe said that similar phishing attempts have been reported recently, but he did not name specific examples. Riot Games hack, which saw attackers use social engineering tactics to access source code for the company’s legacy anticheat system.
Reddit said that hackers successfully obtained a single employee’s credentials, enabling them to gain access to gained access internal documents and source code as well as some internal dashboards and business systems.
Slowe explained that the company discovered the breach when a phished employee reported the incident to Reddit security. Reddit was able to quickly close the infiltrators access and initiate an internal investigation.
Reddit, which has more than 50 million daily uses, said its investigation has concluded that limited contact information for “hundreds” of current and former employees, as well as some advertiser information, was also accessed. Reddit claims that it has no evidence to show that any personal user data or non-public data have been stolen, published, distributed, or shared online.
Reddit suggests that users create 2FA accounts and then use it. password manager. Slowe states that they not only provide complex passwords but also add an extra layer to security by warning you before using your password on any phishing site.
“We’re continuing to investigate and monitor the situation closely and working with our employees to fortify our security skills,” he added. “We all know that humans are often the weakest link in the security chain.”
Reddit suffered a more serious data breach in 2018 that saw attackers access a complete copy of Reddit data from 2007, comprising the first two years of the site’s operations. This includes usernames, passwords, emails and private messages.