Reddit, an American social news aggregation, content rating, and discussion website, has disclosed that hackers gained access to the site.
The company stated that in a “highly-targeted” phishing attack, hackers gained access to corporate documents and the source code of the company site.
According to a statement by Reddit CTO Christopher Slowe, also known as KeyserSosa, the firm became aware of the “sophisticated” attack on Reddit staff on February 5. According to him, an anonymous attacker issued “plausible-sounding prompts” that routed employees to a website posing as Reddit’s intranet portal in an attempt to obtain credentials and two-factor authentication tokens.
Slowe noted that “similar phishing attempts” had been reported recently, and he compared the breach to the recent Riot Games compromise, in which attackers used social engineering tactics to gain access to the company’s legacy anti-cheat system source code.
Hackers successfully obtained an employee’s credentials, giving them access to confidential documents and source code, as well as various internal dashboards and business systems, according to Reddit.
Slowe stated that the business discovered the issue after the phished employee self-reported it to Reddit’s security staff. Reddit immediately disabled the infiltrators’ access and launched an internal inquiry.
Reddit, which has over 50 million daily users, said its investigation discovered that contact information for hundreds of current and past workers, as well as advertiser information, had been obtained. According to Reddit, there is “no evidence” that personal user data or other non-public information has been stolen, published, or circulated online.
Regardless, Reddit has advised all users to enable two-factor authentication on their accounts and to use a password manager. “They provide an extra layer of security by warning you before you use your password on a phishing site, in addition to providing great complicated passwords,” Slowe explains.
“We’re continuing to investigate and closely monitor the situation, and we’re working with our employees to strengthen our security capabilities,” he added. “We all know that humans are frequently the weakest link in the security chain.”
In 2018, Reddit faced a more significant data breach in which attackers gained access to a complete copy of Reddit data dating back to 2007, encompassing the site’s first two years of operation. Usernames, hashed passwords, emails, public posts, and private messages were all included.