Posted on February 7, 2023 at 8:38 PM
Reddit confirms data breach after an employee’s details were compromised
Reddit was the latest victim of a cybersecurity attack. The social media platform was infiltrated by hackers earlier this week. The breach allowed the hackers to steal internal documents and the source code. The hackers obtained these documents by accessing the internal business systems at the company.
Hackers infiltrate Reddit
According to Reddit, hackers infiltrated the platform using a phishing campaign. The campaign targeted Reddit employees through a landing page created to impersonate the company’s intranet site.
The landing page came with the toolset the hackers needed to gain unauthorized access to the company. It was used to try to steal employee credentials and access the company’s two-factor authentication system, which could have allowed the hackers to access the company’s internal business systems.
One of the company employees was a victim of this phishing campaign. The threat actor managed to breach the internal systems at Reddit to steal data and the source code. After tricking the victim into relinquishing control of the company’s systems on the malicious landing page, the hackers could continue with their attacks.
Reddit issued a security incident notice about the breach. The company confirmed that the attackers managed to obtain the credentials of one of the employees, which enabled them to access its internal systems and steal crucial information.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” Reddit said in the security incident notice.
The company also explained that the extent of this breach was limited. It noted that there were no signs that the breach had affected the company’s primary production systems. These systems include the parts of the company’s stack that run the social media platform and store most of the data.
The company further said that it learned about this breach after the employee whose credentials were compromised self-reported the matter to the company’s security team. It added that the security team responded swiftly to the incident and removed the infiltrator’s access. Moreover, the company had also started an internal investigation into the matter, and it was working with employees to fortify security.
Reddit acknowledged a rise in phishing campaigns that target companies through their employees. The company noted that an investigation into the breach revealed that the stolen information includes limited contact details for company contacts and for current and former employees.
Part of the stolen data also included information about the company’s advertisers. However, the hackers never managed to access sensitive information like credit card details, passwords, and ad performance. This makes the extent of this breach limited. Reddit further clarified that there were no signs that the hackers compromised the production systems used to run the company’s website.
“Based on several days of the initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online,” the company explained.
Similar attack on Riot Games
Reddit has shared only limited details about how the hack happened and about the threat actors behind the campaign. However, the company referenced a similar attack that was used to target Riot Games.
In the attack that Reddit referred to, threat actors managed to infiltrate Riot Games and access the source code for League of Legends, a popular multiplayer online battle arena game. The hackers also accessed the source code for the Teamfight Tactics (TFT) auto-battler game and a legacy anti-cheat system.
In some cases, phishing campaigns are used as a precursor to another malicious act by the hackers, such as extortion. When hackers obtain sensitive details about the company, they threaten to expose the data to the public if they are not paid a ransom.
This kind of extortion was seen in the attack on Riot Games. The gaming company received a demand from the hackers to pay a $10 million ransom to guarantee that the stolen data would not be leaked. However, the company refused to pay the ransom. After failing to get the ransom from the company, the hackers later tried to sell the source code for League of Legends on an online hacker forum for $10 million.