« Ubisoft can't update 'The Division 2' because of a botched fix | Main | Coca-Cola latest collaboration with RosalĂ­a »
Friday
Feb102023

Reddit got hacked through a phishing attack targeting its employees

Photo: Brett Jordan/Unsplash

Bad actors were able to steal a Reddit employee's credentials through a targeted phishing attack, and hackers were able to infiltrate its systems on February 5. According to a spokesperson from the company, they were able to access some of the site's "internal docs, code, as well as some internal dashboards and business systems." Data like contact information for hundreds of company contracts, current and former employees, and some advertisers were also exposed. However, Reddit assures users that the security team investigating the incident hasn't found any evidence so far that the passwords or any other non-public data have been compromised. They haven't found any indication that the stolen information was shared online, at least for now. Reddit said they are "continuing to investigate and monitor the situation closely."

Reddit employees were apparently getting "plausible-sounding prompts" that lead to a website that mimics the look and behaviour of its intranet gateway. It was designed this way so they can steal people's logins and second-factor tokens. An employee, unfortunately, fell for the scheme but immediately self-reported. This allowed Reddit's security team to respond to the situation.

Source

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>