internal documents, dashboards, systems accessed

by time news

The popular social news website and forum Reddit has been hacked (again). The attacker “gained access to some internal documents, code, as well as some internal dashboards and business systems,” but apparently not to its primary production systems or user data.

How did it happen and what is the extent of the breach?

“The exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data was accessed, or that information from Reddit was published or distributed online,” said Reddit CTO Christopher Slowe, who goes online with the username “KeyserSosa.”

The investigation is still ongoing and some details have yet to be confirmed, but the breach started like most corporate breaches these days: with a successful phishing attack.

“Late (PST) on February 5, 2023, we learned of a sophisticated phishing campaign targeting Reddit employees. As in most phishing campaigns, the attacker sent plausible-sounding prompts pointing employees to a website cloning the behavior of our intranet gateway, in an attempt to steal second-factor credentials and tokens,” Slowe shared.

“Shortly after being phished, the affected employee self-reported and the security team responded quickly, removing the insider’s access and beginning an internal investigation.”

All employees have two-factor authentication enabled, both for use on Reddit and for all internal access, he added, but the attacker nevertheless managed to capture the employee’s login credentials and a second-factor token.

Five years ago Reddit was hacked in a similar way. At the time, some of its employees’ accounts with its cloud hosting and source code hosting providers were compromised, after the attackers obtained the employees’ passwords and intercepted the second authentication factor sent via SMS.

So perhaps this latest attack will push Reddit to implement hardware FIDO tokens (“physical keys”), which are currently the most secure, phishing-resistant option for second-factor authentication.
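The phishing described above works because a one-time code is identical wherever the victim types it, so a cloned gateway can simply pass it on, whereas a FIDO assertion is signed together with the origin the browser actually visited and fails verification at the real site. The following sketch is added here and is not code from the article or from Reddit’s systems: the origins, seeds, keys and timestamps are constructed, and the authenticator’s public-key signature is simulated with an HMAC.

```python
import hashlib, hmac, json, secrets, struct

LEGIT_ORIGIN = "https://intranet.example-corp.invalid"   # constructed: the real gateway
PHISH_ORIGIN = "https://intranet.example-c0rp.invalid"   # constructed: lookalike clone

# --- TOTP-style code (RFC 6238 / RFC 4226): the code carries no notion of WHERE it was typed ---
def totp_code(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{truncated % 10**digits:0{digits}d}"

def gateway_accepts_totp(secret: bytes, submitted: str, unix_time: int) -> bool:
    return hmac.compare_digest(submitted, totp_code(secret, unix_time))

# --- FIDO-style assertion: the authenticator signs the challenge together with the origin
#     the browser really connected to, so the gateway can check that origin is its own. ---
def authenticator_assert(key: bytes, challenge: str, origin_seen: str) -> dict:
    client_data = json.dumps({"challenge": challenge, "origin": origin_seen}, sort_keys=True).encode()
    # Stand-in for the authenticator's signature; real FIDO uses an asymmetric key pair.
    sig = hmac.new(key, client_data, hashlib.sha256).hexdigest()
    return {"client_data": client_data, "sig": sig}

def gateway_accepts_assertion(key: bytes, assertion: dict, expected_challenge: str) -> bool:
    data = json.loads(assertion["client_data"])
    if data.get("origin") != LEGIT_ORIGIN or data.get("challenge") != expected_challenge:
        return False                      # signed for the wrong site, or a stale challenge
    expected_sig = hmac.new(key, assertion["client_data"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected_sig, assertion["sig"])

# --- Scenario from the article: the employee completes login on the cloned gateway, and the
#     clone forwards what it collected to the real gateway within the same time window. ---
def phished_totp_is_accepted(secret: bytes, unix_time: int) -> bool:
    code_typed_into_clone = totp_code(secret, unix_time)      # output of the victim's authenticator app
    return gateway_accepts_totp(secret, code_typed_into_clone, unix_time)   # True: indistinguishable

def phished_assertion_is_accepted(key: bytes) -> bool:
    challenge = secrets.token_hex(16)                         # issued by the real gateway
    assertion = authenticator_assert(key, challenge, PHISH_ORIGIN)  # browser records the origin it is on
    return gateway_accepts_assertion(key, assertion, challenge)     # False: origin mismatch

def legitimate_assertion_is_accepted(key: bytes) -> bool:
    challenge = secrets.token_hex(16)
    return gateway_accepts_assertion(key, authenticator_assert(key, challenge, LEGIT_ORIGIN), challenge)

if __name__ == "__main__":
    print("phished TOTP accepted:", phished_totp_is_accepted(b"constructed-seed", 1_675_640_000))
    print("phished FIDO assertion accepted:", phished_assertion_is_accepted(b"constructed-key"))
```

The TOTP half is a faithful RFC 6238 implementation, so it reproduces the RFC 4226 test vectors; only the signature in the FIDO half is simplified.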

Slowe mentioned that he was grateful the employee reported being phished when they realized it happened.

What should users do?

No user data has been accessed, but users have been advised to enable 2FA on their Reddit account (if they haven’t already). Enabling 2FA can help protect you against attacks that use realistic phishing sites to capture your password.

“And if you want to go a step further, it’s always a good idea to update your password every two months, just make sure it’s strong and unique for added protection,” Slowe added.

Affected company contacts, employees and advertisers are being contacted.
