Reddit was recently hit by a phishing attack in which employee login credentials were obtained. As a result, cybercriminals managed to get their hands on internal documents containing employee data and parts of the news and community platform’s source code.
According to Reddit, it was discovered in early February that a phishing attack resulted in a data leak of internal documents and source code. More specifically, the attack gave the cybercriminals access to internal documents, source code and to internal dashboards and business systems. They also gained access to contact information of current and former employees and some information from and about advertisers on the platform.
Data on users or other non-public information would not have been stolen or published or distributed online.
Attack strategy
In its statement, Reddit indicated that the cybercriminals attempted to obtain various login credentials through a phishing attack targeted at employees of the platform. In the process, employees were sent virtually indistinguishable from real-life “prompts. These prompts directed affected employees to a website posing as Reddit’s intranet portal. The attackers then stole login credentials and two-factor authentication tokens.
The attack eventually led to a breach at a single employee. It was also this employee who alerted security specialists that a data breach may have occurred.
Response to incident
In response to the incident, Reddit immediately shut down the cybercriminal’s access and launched an internal investigation. In addition, the platform is going to put its people on extra alert for attacks.
Despite the fact that no end-user data was stolen, Reddit indicates that users should apply two-factor authentication to their accounts and use a password manager. The latter step in particular often provides end users with an extra layer of security to protect them from phishing in addition to a strong and complex password, according to Reddit.
Also read: “Humans are the strongest link in the security chain”