fbpx
News

Reddit phishing attack compromised employee information

Reddit became aware of the incident on February 5th

Reddit logo on a phone

A “sophisticated and highly-targeted phishing attack” led hackers to access some of Reddit’s internal workings, including documents and code.

The company first became aware of the attack in the evening hours (PST) of February 5th, a post from Reddit CTO Christopher Slowe, under username KeyserSosa, reads. The hacker sent employees prompts to a website that copied the intranet gateway to steal credentials, obtaining one employee’s authorization details.

“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data),” Slowe said.

However, the hacker did gain access to some contacts related to company, employees, and advertiser information. An investigation found no evidence hackers accessed non-public user data or that the stolen information was shared online.

Slowe said users should set up two-factor authentication to add an extra security layer. Users can also change their password every couple of months and use a password manager for additional security.

This isn’t the first time Reddit has faced a cybersecurity incident. A 2018 incident lead hackers to obtain some customer information. But Slowe said lessons learned from that incident “have continued to be useful” in the present attack.

Source: Reddit

MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.

Related Articles

Comments