A sophisticated and highly-targeted phishing attack allowed a hacker to gain access to Reddit's internal systems.
Reddit confirmed yesterday that a hacker had managed to gain access to its internal systems, grabbing internal documents and source code in the process.
The "security incident" occurred on the night of Feb. 5 when a hacker cloned the behavior of Reddit's intranet gateway and then attempted to guide the company's employees to it using "plausible-sounding prompts." Those prompts were successful as credentials were stolen and then used to access Reddit's internal systems.
The good news is, Reddit found no breach of its primary production systems and therefore no non-public user data was accessed. The personal information stolen seems to be limited to hundreds of company contacts and advertiser details.
Reddit's security team is still in the process of fully understanding how the attack managed to break through its defenses, but points out "the human is often the weakest part of the security chain." There's also a promise that all information about what they find will be shared publicly.
Even though no sensitive user data was stolen, Reddit is urging all users to turn on two-factor authentication for their accounts. It's easy to do and adds an extra layer of security. So do regularly changing your password, choosing strong passwords, and making the whole process easy by using a reputable password manager.