A Reddit worker’s credentials were hijacked in a targeted phishing attack, an administrator for the website has unveiled, and hackers were able to infiltrate its systems on the 5th of February.
Seemingly, Reddit employees had been getting “plausible-sounding prompts,” which led to a website that imitate the looks and behavior of its intranet gateway, made as such to loot logins and second-factor tokens of the masses.
While one employee did fall for the scheme, they immediately self-disclosed. That allowed the security team and the website to respond quickly and disconnect the access of interruptions.
Reddit is utilizing $1 million to fund its client’s prominent concepts and competitions
The spokesperson of Reddit claimed the bad actors were able to access some of the website’s “internal docs, code, as well as some internal dashboards and business systems.” Contact information for hundreds of organization contracts, current and former employees, as well as some advertisers were also revealed.
They assured users, however, that the security team exploring the incident has found no evidence that their passwords or any of their non-public data have been distressed. The team also didn’t get evidence that the details stolen from Reddit have been distributed online — at least, at this point in the investigation.
Reddit’s spokesperson claimed the website is “continuing to explore and monitor the situation intently.” They also claimed that the lessons they learned from a security breach five years ago continue to be useful. If the attackers were only truly able to steal some non-user information this time, the 2018 breach was considered to be a much more massive incident.
Back then, bad actors were capable of grabbing the current email addresses of the users, as well as a database backup from 2007 that had account passwords.
