Reddit was hacked in a phishing attack targeting its employees2023-02-10 19:29 by Daniela
Tags: Reddit, hackers
Reddit says that it was hacked earlier this month, in a security incident that compromised some company data. However, the company says that Redditors have no need to fear because user data was not impacted by the episode-at least, that the company knows of..."so far."
Late on February 5, Reddit became aware of the phishing campaign that targeted its employees. The attacker sent out "plausible-sounding prompts", pointing employees to a website that cloned the behavior of its intranet gateway, in an attempt to steal credentials and second-factor tokens. After obtaining a single employee's credentials, the attacker gained access to some documents and code, as well as some internal dashboards and business systems.
In its statement, Reddit stresses that it doesn't think users were impacted by the digital intrusion.
"Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit's information has been published or distributed online," the company says. Reddit used the opportunity to encourage Redditors to beef up their personal account security. "Since we're talking about security and safety, this is a good time to remind you how to protect your Reddit account...Learn how to enable 2FA in Reddit Help."
It's not the first time a successful credential phishing campaign has led to the breach of Reddit's network. In 2018, a successful phishing attack on another Reddit employee resulted in the theft of a mountain of sensitive user data, including cryptographically salted and hashed password data, the corresponding user names, email addresses, and all user content, including private messages.
Read more -here-