A sophisticated and highly targeted phishing attack led to a compromise of Reddit's systems. According to reports, the attackers gained access to some internal business systems, code, and documentation.
In an effort to acquire credentials and two-factor tokens, the attacker, as in other phishing attacks, sent out plausible-sounding prompts directing employees to a website that mimicked the behavior of Reddit's intranet gateway.
Specifics of Sophisticated Phishing Campaign
Late on February 5, 2023 (PST), Reddit learned of a sophisticated phishing campaign aimed at Reddit employees.
After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs and code, as well as some internal dashboards and business systems.
“We show no indications of a breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data)”, Reddit explains.
The exposed data included limited contact information for (presently hundreds of) company contacts and employees (both current and former), as well as limited advertiser information.
“We have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online”, according to Reddit.
Notably, Reddit mentions that the impacted employee immediately reported that they had been phished, and the security team rapidly took action by blocking the intruder’s access and starting an internal inquiry.
Without mentioning any names, the company said, “Similar phishing attacks have recently been reported.” It made no mention of the source code that was accessed as a result of the security breach.
“We’re continuing to investigate and monitor the situation closely and working with our employees to fortify our security skills”.
“As we all know, the human is often the weakest part of the security chain”, Reddit said.
How to Protect Your Account?