Jump to content
Login new information ×
Remember, Matrix ×
Login new information
  • Security & Privacy News

    Reddit suffers security breach after employee falls for phishing attack

    Karlston

    By Karlston,
    Published Date:

    • 504 views
    • 2 minutes
     Share
    • 504 views
    • 2 minutes

    Reddit experienced a security incident last Sunday evening, enabling threat actors to gain access to some of the platform's sensitive data.

     

    According to Reddit, the attack was made possible through a "sophisticated phishing campaign" wherein cybercriminals created a fraudulent yet legitimate-looking landing page of its intranet site. This is a ruse to steal employees' login credentials and two-factor authentication codes.

     

    One employee eventually fell victim to the phishing scam, allowing the threat actors to infiltrate Reddit's code, internal documents, and some internal dashboards and business systems. Despite this, the company claims that there were no indications that its primary production systems were breached.

     

    Reddit says that it became aware of the incident after the employee who fell for the phishing attack self-reported the issue to the company's security team. The team responded by removing the infiltrator’s access and initiating an internal investigation.

     

    "Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information," Reddit stated in its post. "Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online."

     

    The company announced that it is continuing to investigate and monitor the incident closely. It is also working with employees to fortify their security skills.

     

    To stay safe from phishing attacks, always be careful when opening links or downloading attachments from unsolicited emails. Regularly check the URL of the website you're visiting as well. For instance, if the URL doesn't start with "reddit.com" or "paypal.com," or shows something completely different, it's likely fraudulent. Finally, make sure to enable multifactor authentication if available to make it harder for cybercriminals to infiltrate your account.

     

     

    Reddit suffers security breach after employee falls for phishing attack

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...