Reddit has confirmed its systems were hacked last weekend as the result of a sophisticated and highly targeted phishing attack: the attackers gained access to documents, code, and some internal business systems.
Late on February 5, Reddit became aware of the phishing campaign that targeted its employees. The attacker sent out “plausible-sounding prompts”, pointing employees to a website that cloned the behavior of its intranet gateway, in an attempt to steal credentials and second-factor tokens. After obtaining a single employee’s credentials, the attacker gained access to some documents and code, as well as some internal dashboards and business systems.
Also: Phishing attacks are getting scarily sophisticated. Here’s what to watch out for
We know all of this information because Reddit’s CTO posted about the incident on Reddit. Currently, there’s no indication that usernames and passwords of Reddit users have been accessed — but Reddit has suggested users should apply multi-factor authentication (MFA) to their accounts for added protection.
There are two key takeaways from the Reddit security incident. The first is that phishing attacks continue to be a key tool in the cyber criminal’s arsenal — we all use emails, and a carefully crafted phishing attack can trick even the most security-conscious user.
The second is that Reddit has — I think — chosen the right option by being transparent about falling victim to cyber attackers, publicly disclosing the incident just days after it was first detected.
Despite the prolific nature of cyberattacks and