Reddit’s systems were breached on Sunday, following a successful phishing campaign by the attackers that gave them access to an employee’s credentials and, in turn to Reddit’s source code, internal documents, dashboards and business system. However, the company says no user data was leaked during the attack, and all passwords and accounts are safe.
On February 5, a Reddit employee became a victim of a targeted phishing attack where they entered their credentials in a cloned intranet gateway, allowing attackers to steal their login credentials and two-factor authentication tokens.
While the cybercriminals got a hold of internal documents and code, Reddit believes that the breach didn’t affect their primary production system stacks that run Reddit and store most of the data.
The leaked data includes the contact information of current and former employees, company contacts and limited advertiser information. The company believes that none of the stolen information has been distributed or published online.
“Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack,” Reddit announced on Thursday.
The employee reported the attack soon after being phished, and the attacker’s access was revoked soon after that.
Reddit seems to have learnt from their August 2018 systems breach, where the hacker gained access to user data, including email addresses and a 2005-2007 database backup containing old salted and hashed passwords.
“Based on several days of the initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.”
In the News: ION slowly regains customers following Randomware attack
Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals.
Contact Prayank via email: [email protected]