In a recent announcement, Reddit, a popular social news site, revealed that it suffered a cyberattack on February 5th, 2021. According to the company, the attackers used a “sophisticated phishing” technique to target their employees.
This article will provide more information on what happened and how Reddit has responded.
On Sunday night, Reddit disclosed that the attack occurred and that they became aware of it on February 9th. The attackers accessed internal documents, codes, dashboards, and business systems. However, Reddit insists there is no evidence of a security breach on the systems running the platform and storing most of their data. While some data was stolen, including details of their advertisers, passwords and credit card information was not compromised.
Reddit has already investigated the matter, but details are still scarce. The company believes that the attackers accessed their data using a targeted phishing campaign. The attackers sent “plausible-sounding prompts” to employees, which redirected them to a website posing as the company’s intranet portal. Their intention was to steal information and two-factor authentication (2FA) tokens. Unfortunately, the attackers were successful in stealing one employee’s credentials. However, this incident prompted the security team to act immediately, and the attackers’ access was removed.
The company assures its users that personal user and non-public data was not compromised, and the stolen information has not been published or distributed online. However, some internal documents, codes, and business systems were accessed.
Reddit Recommendation to Users
Reddit recommends that users protect their data, such as setting up two-factor authentication (2FA) on their accounts. The platform also suggests that users update their passwords monthly, although security professionals generally advise against this practice. A password manager can help you create a strong and hard-to-guess password or passphrase.
Despite Reddit’s assurance that personal users and businesses were not affected, it is still recommended that users change their Reddit account password. With cyberattacks, it is best to be safe than sorry. Reddit has been a victim of cyberattacks several times, and the company has always been transparent and upfront with such incidents. However, it’s worth noting that “we don’t think any of your personal data has been hacked” has become their response before they announce a large breach.
Reddit’s recent cyberattack highlights the importance of staying vigilant and protecting your data. While the company claims that personal user and non-public data was not compromised, it is still recommended that users take necessary precautions to secure their accounts. Following Reddit’s recommendations, users can add more protection and keep their data safe.