Reddit suffers a phishing attack as hackers access internal data and a source code

Posted on February 9, 2023 at 6:02 AM

Reddit suffers a phishing attack as hackers access internal data and a source code

Reddit was the latest victim of a phishing campaign. The social media company has confirmed that a breach allowed the hackers to access internal documents and a source code following a “highly targeted” phishing campaign. However, according to the company, the hack did not lead to the loss of sensitive information.

Reddit confirms a phishing attack that compromised employee data 

The Chief Technology Officer at Reddit, Christopher Slowe, commented on this breach saying that on February 5, the company suffered a “sophisticated” breach that targeted employees at the company.

Slower further said the hacker behind this attack was yet to be identified, adding that the attacker sent “plausible-sounding prompts.” These prompts directed the employees to a website that was designed to appear as the intranet portal for Reddit. The hackers were sending these prompts to employees to steal user credentials and obtain access to two-factor authentication tokens.

Slowe also added that similar phishing campaigns have become increasingly popular. However, the executive did not mention the phishing campaigns that threat actors have launched against the company.

The Reddit CTO likened the breach to the Reddit platform on Riot Games. This exploit saw the threat actors adopting social engineering to access the source code used for the company’s anti-cheat system.

The phishing attack against Riot Games led to the attackers stealing the source code for some of the company’s most popular projects, such as League of Legends, Teamfight Tactics, and the legacy anti-cheat platform.

In some cases, hackers use phishing campaigns to extort companies by threatening to release the stolen data to the public if they are not paid a ransom. In the case of Riot Games, the hackers demanded a $10 million ransom that the company refused to pay. The hackers later tried auctioning the League of Legends source code in a hacker forum for $10 million.

The platform said that the hackers conducted this phishing campaign on Reddit using credentials obtained from one employee who fell victim to the phishing campaigns. The hackers gained the details that gave them access to the company’s internal systems. The hackers also gained access to the internal dashboards and the business systems.

Slowe noted that the company learned about this breach after the employee whose details were compromised in the attack self-reported the incident to the security team at the company. The social media company noted that the security team cut access to the hackers as soon as the breach was reported and commenced an internal investigation into the matter.

Reddit is one of the largest social platforms, with over 50 million daily users. The company said that a probe into the breach was currently underway, saying that the hackers managed to access the current and former employees’ contact information. The threat actors also obtained some advertiser information.

Reddit says user data was not affected

According to Reddit, there was no evidence that this breach led to personal user data being leaked. The company also noted no signs that other non-public data had been stolen, published, or even distributed online by attackers.

Nevertheless, the company has urged its users to remain vigilant to ensure that they are not affected by similar attacks in the future. The company has urged all users to create two-factor authentication on their accounts and set up a password manager to guarantee their password information is kept safe.

The company opined that there were benefits to using password managers, such as creating complicated passwords that add an extra layer of security. These tools also warn the user if they share their password on a phishing site, which significantly lowers the chances of their account being compromised.

Slowe noted that the company was still investigating and monitoring this breach. The company was also working closely with the employees to fortify the security measures to ensure that similar attacks do not happen in the future. “As we all know, the human is the weakest part of the security chain,” the company said.

It is not the first time that Reddit is reporting a security breach. The platform reported a major data breach in 2018, where hackers accessed a copy of Reddit data dating back to 2007. The data included information about the company’s operations during its first two years since launch. Part of the stolen data included emails, usernames, private messages, and public posts.

Summary
Reddit suffers a phishing attack as hackers access internal data and a source code
Article Name
Reddit suffers a phishing attack as hackers access internal data and a source code
Description
Reddit was recently hit by a phishing attack. The attack allowed the hackers to access the company's internal documents and source code. Reddit has said that user information was not compromised.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Newsletter

Get the latest stories straight
into your inbox!

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading