Reddit, the go-to platform for microblogging, was struck by a cyberattack that impacted its systems. The attack occurred on Sunday night (PT) and was executed through a highly-targeted phishing scheme.
Reddit shared a report about details of the incident. According to it, the hacker behind the attack utilized a clever tactic to target employees.
Through persuasive prompts, the attacker directed employees to a website that replicated Reddit’s internal network gateway. The aim was to obtain credentials and two-factor authentication tokens through deceptive means.
With just the credentials of a single Reddit employee in hand, the attacker was able to infiltrate the company’s internal systems, including confidential documents, source code, and various internal dashboards and business systems information.
Reddit cyberattack: What data is being compromised?
Reddit’s investigation revealed that the company’s core systems and data storage were not impacted. The attack’s impact was limited, where limited contact information of company contacts and employees, as well as that of advertisers, was affected.
At the time of writing, the investigation revealed no indications of unauthorized access to sensitive or confidential information. Moreover, no information related to Reddit has been released yet.
The workers, who were compromised, swiftly alerted Reddit’s security personnel, who immediately revoked the hacker’s entry and initiated a comprehensive internal inquiry.
Reddit continues delving deeper into the matter and is collaborating with its employees to enhance their cybersecurity expertise.
How to protect your Reddit account?
Protecting your Reddit account is a top priority, and several measures can be taken to ensure its safety. Two-factor authentication (2FA) is highly recommended, adding a second layer of security when logging into your account.
Furthermore, regularly changing your password and utilizing a password manager can also enhance the protection of your Reddit account.
Reddit will be hosting a special Q&A session where users can ask the team anything, known as an AMA. While the team is eager to address concerns, the ongoing investigation and delicate nature of the situation may limit the level of detail they can provide in their responses.
In the final analysis, although Reddit faced a cyber intrusion, users can rest assured that their passwords and profiles remain secure.
The organization is taking comprehensive measures to completely comprehend the situation and prevent future occurrences. It reminds its users of the importance of taking appropriate security measures to safeguard their accounts.