Reddit hacked in a phishing attack

Online discussion forum Reddit on Friday confirmed that its systems were hacked as a result of a sophisticated and highly-targeted phishing attack.
After successfully obtaining a single employee's credentials, the attacker gained access to some internal documents, and code, as well as some internal dashboards and business systems.(292Jacob/Wikimedia Commons)

After successfully obtaining a single employee's credentials, the attacker gained access to some internal documents, and code, as well as some internal dashboards and business systems.(292Jacob/Wikimedia Commons)

Reddit

Published on

Online discussion forum Reddit on Friday confirmed that its systems were hacked as a result of a sophisticated and highly-targeted phishing attack.

According to Reddit CTO Christopher Slowe, or KeyserSosa, the company became aware of the "sophisticated" attack targeting its employees on February 5.

"As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens," Slowe said.

After successfully obtaining a single employee's credentials, the attacker gained access to some internal documents, and code, as well as some internal dashboards and business systems.

<div class="paragraphs"><p>After successfully obtaining a single employee's credentials, the attacker gained access to some internal documents, and code, as well as some internal dashboards and business systems.(292Jacob/Wikimedia Commons)</p></div>
Ghana Soccer Player Atsu missing after the earthquake in Turkey

"We show no indications of a breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data)," said the CTO.

Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information.

"We have no evidence to suggest that any of your non-public data has been accessed, or that Reddit's information has been published or distributed online," Slowe wrote in a post.

<div class="paragraphs"><p>After successfully obtaining a single employee's credentials, the attacker gained access to some internal documents, and code, as well as some internal dashboards and business systems.(292Jacob/Wikimedia Commons)</p></div>
China acknowledges entry of airship into US airspace

The company is continuing to investigate and monitor the situation closely and working with its employees to fortify security skills.

"The most important (and simple) measure you can take is to set up 2FA (two-factor authentication) which adds an extra layer of security when you access your Reddit account," said Reddit. (KB/IANS)

logo
NewsGram
www.newsgram.com