Reddit has confirmed that hackers accessed internal documents and source code following a “targeted” phishing attack.
Reddit CTO Christopher Slowe (KeyserSosa) said in a post that the company became aware of a “sophisticated” attack targeting Reddit employees on February 5. Trying to steal your credentials and his two-factor authentication tokens, send them to his website masquerading as Reddit’s intranet portal.
Slowe said that “similar phishing attempts” have been reported recently, but did not provide specific examples. However, he likened the breach to the recent Riot Games hack, where attackers used social engineering tactics to gain access to the source code of the company’s legacy anti-cheat system.
According to Reddit, the hackers managed to obtain the credentials of one employee, giving them access to internal documents, source code, and some internal dashboards and business systems.
Slowe said the company learned of the breach after a phished employee self-reported the incident to Reddit’s security team.
According to Reddit, which is used more than 50 million times a day, the investigation found that limited contact information for “hundreds” of current and former employees, as well as some advertiser information, was accessed. was found to be However, the company says there is “no evidence” to suggest that users’ personal data or other private data has been stolen, published or distributed online.
Regardless, Reddit encourages all users to set up 2FA on their accounts and use a password manager. “It provides an extra layer of security by not only providing a very complex password, but also by warning you before using your password on a phishing site,” says Slowe.
“We continue to investigate and monitor the situation closely and are working with our employees to strengthen our security skills,” he added. is the weakest part of
Reddit suffered an even more serious data breach in 2018, when attackers A complete copy of Reddit data from 2007, including the site’s first two years of operation. This includes usernames, hashed passwords, emails, public posts and private messages.