Reddit, a popular social news site, disclosed that it was hacked on Sunday night (pacific time). The company announced on February 9th in a posting that they first became aware of the incident that happened on February 5th. It refers to it as “sophisticated phishing” targeting Reddit employees.
According to the CEO, the unidentified persons accessed internal documents, internal dashboards, business systems, and codes. But at the same time, the company reveals that there isn’t proof of a security breach on the systems that run the platform and store most of their data. While they admit that the stolen data included details of their advertisers, they insist that passwords and credit card information were not breached.
What Happened and Reddit Response?
There is still scarce information on this incident and its effect. However, Reddit assures users that it is under investigation. But, according to the firm, attackers gained access to the company’s data using a targeted phishing campaign.
The attacker sent “plausible-sounding prompts” to employees that redirected them to a website masquerading as the firm’s intranet portal. They did this to attempt to steal information and two-factor authentication (2FA) tokens.
Fortunately or unfortunately, they only managed to steal one employee's credentials. But, this enabled the attacker to access Reddit’s internal systems. The said employee self-reported the incident to Reddit’s security teams, prompting them to act immediately. The teams removed the attackers' access and commenced an immediate investigation.
The firm believes there was limited contact with the current and former employees, and advertiser information was exposed. They insist that personal user and non-public data was not compromised. The attacker only managed to access some internal documents, code, and internal business systems. According to the firm, even the stolen information hasn’t been published or distributed online.
Reddit Recommendation to Users
While Reddit believes personal users and businesses were not affected, the platform still encourages individuals to take some measures to protect their data. The management recommended users to set up two-factor authentication (2FA) on their accounts. This adds another layer of protection even if someone has your password.
Reddit also suggests that users update their passwords monthly. However, most security professionals discourage this. Instead, it is best to use a password manager to help you create a strong and hard-to-guess password or passphrase.
But, as the investigations are still going on on the extent of the damage, it is best to change your Reddit account password, even though it hasn’t been compromised in this incident. If we are learning something from these cyberattacks is that the platform only notices the incidents days or even months after the initial attack. So, it is better to be safe than sorry.
Reddit has been a victim of cyberattacks several times. About five years ago, the firm shared a similar thread announcing that they had been hacked in somehow a similar way. The good news is that the firm has always been transparent and upfront with such incidents. But unfortunately, “we don’t think any of your personal data has been hacked” has become their response before they announce a large breach. Nevertheless, there is no indication that users and businesses were affected this time.