Reddit confirms it was hacked after employee was victim of phishing attack

business
Reddit Confirms It Was Hacked After Employee Was Victim Of Phishing Attack
The popular internet forum said it had so far seen no evidence that user data had been compromised. Photo: PA Archive/PA Images
Share this article

By Martyn Landi, PA Technology Correspondent

Popular internet forum website Reddit has confirmed it was the victim of a cyberattack, with hackers using a phishing attack on employees to steal login details and access the platform’s internal systems.

The company said the attack on February 5th had seen hackers gain access to “internal documents, code, as well as some internal dashboards and business systems”.

Advertisement

However, the online forum said that after several days of investigation, it had “no evidence” to suggest that Reddit user passwords or other information had been compromised or distributed online.

In a statement posted to Reddit, the company said a “sophisticated phishing campaign” had been used to target Reddit employees.

Advertisement

 

A phishing attack involves hackers trying to trick victims into handing over personal information by posing as a credible figure or business in an effort to gain personal information.

“As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behaviour of our intranet gateway, in an attempt to steal credentials and second-factor tokens,” Reddit said of the attack.

“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”

Advertisement

Reddit confirmed the attack had seen “limited contact information” of current and former employees and “limited advertiser information” had been exposed in the attack.

The company said the affected employee in the attack self-reported the incident and the firm’s security team cut off the attacker’s access.

Reddit also used the incident to encourage users to boost their own personal security.

Business
GameStop mulls stock sale after Reddit fans send s...
Read More

“Since we’re talking about security and safety, this is a good time to remind you how to protect your Reddit account,” the company said.

Advertisement

“The most important (and simple) measure you can take is to set up 2FA (two-factor authentication) which adds an extra layer of security when you access your Reddit account.

“And if you want to take it a step further, it’s always a good idea to update your password every couple of months – just make sure it’s strong and unique for greater protection.”

Read More

Message submitting... Thank you for waiting.

Want us to email you top stories each lunch time?

Download our Apps
© BreakingNews.ie 2024, developed by Square1 and powered by PublisherPlus.com