Reddit has become a victim of yet another data breach, in which threat actors have accessed the company’s internal documents, dashboards, business systems, and more.
On Thursday, Reddit confirmed that the platform had become a target of a sophisticated phishing attack on February 5th, 2023. The company revealed that the attackers targeted its employees by sending out plausible-sounding prompts via a website that looked exactly like Reddit’s intranet gateway. The objective of this attack was to steal credentials and second-factor tokens.
According to Reddit, Several employees received malicious emails sent via a fake website. One of the employees entered their credentials into this cloned website, which allowed the attacker(s) to hack into Reddit. Reddit asserts that its primary production system wasn’t breached, where Reddit stores most of its data.
After the affected employee informed the Security team, the team learned about the attack, and Reddit then launched an investigation into the incident. The company responded to the incident by removing the invader’s access to its system.
“We’re continuing to closely investigate and monitor the situation and working with our employees to fortify our security skills. As we all know, the human is often the weakest part of the security chain,” Reddit wrote in its blog.
Reddit CTO Christopher Slowe wrote that the attacker could access internal documents, dashboards, and business systems. Exposed data includes limited contact information of company contacts, which are currently in the hundreds, and current/former employees’ data. Reddit noted that limited advertiser info was also exposed.
The company, however, has assured Redditors that their data is secure and was not affected in this incident. “Based on our investigation so far, Reddit user passwords and accounts are safe,” the company’s spokesperson stated.
They further noted that after several days-long investigations by security, engineering, and data science (and friends), the company didn’t find any evidence that its customers’ non-public data was accessed or Reddit’s data was published/distributed online.
Reddit recommends that users switch to two-factor authentication. Slowe also hosted an AMA to answer queries related to the incident and confirmed that the employee who had self-reported the incident wasn’t fired but had been shifted to stocks as a punishment.