For HomeFor BusinessFor Partners
Industry News
1 min read

Reddit Discloses Security Incident – Your Password Is Safe (for Now)

Filip TRUȚĂ

February 10, 2023

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Reddit Discloses Security Incident – Your Password Is Safe (for Now)

A “sophisticated and highly-targeted phishing attack” on Reddit caught an employee off guard, leading to a hack of the giant discussion platform, the company said in a notice this week.

The attacker had built a “plausible-sounding” phishing lure guiding employees to a clone of Reddit’s intranet – all crafted to trick staff into divulging their access credentials and second-factor tokens.

All it took was one distracted employee to fall for the scam, which gave the attacker access to “some internal docs, code, as well as some internal dashboards and business systems.”

The hacker is thought to have also accessed limited contact information for hundreds of company contacts and employees (current and former), as well as some advertiser information.

Based on the investigation “so far,” the attacker failed to access primary production systems, while Reddit user passwords and accounts are safe, according to the announcement.

“Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online,” the content aggregator says.

The employee was conscientious enough to report his blunder to security, allowing a quick response that eliminated the infiltrator’s access and triggered an internal investigation.

Reddit says it’s been hit by several such phishing attacks in recent times. This has prompted the company to investigate and monitor the situation closely, as well as re-tutor employees on corporate security best practices.

The company took this opportunity to remind users to enable 2FA (two-factor authentication) if they haven’t done so already, and to consider changing their passwords every couple of months or so, for good measure.

It also recommends that redditors use a password manager to not only ensure that their passwords are strong, but also to combat social engineering schemes.

tags

Industry News

Author

Filip TRUȚĂ

Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

Right now Top posts

Netizens Fear Scammers Will Steal Their Savings but Do Little to Defend Themselves, Bitdefender Survey Shows
Industry News Scam

Netizens Fear Scammers Will Steal Their Savings but Do Little to Defend Themselves, Bitdefender Survey Shows

July 01, 2024

7 min read
Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report
Smart Home

Uncovering IoT Vulnerabilities: Highlights from the Bitdefender - Netgear 2024 Threat Report

June 26, 2024

2 min read
UEFA EURO 2024 Scams Are Already Here – How to Stay Safe
Scam Tips and Tricks

UEFA EURO 2024 Scams Are Already Here – How to Stay Safe

June 25, 2024

5 min read
Most People Still Write Important Passwords Down, Bitdefender Report Finds
Digital Privacy Threats

Most People Still Write Important Passwords Down, Bitdefender Report Finds

June 07, 2024

2 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

Top 10 TikTok Scams to Look Out For
Scam How to

Top 10 TikTok Scams to Look Out For
Cristina POPOV

July 03, 2024

8 min read
4th of July Scams: How to Protect Yourself and Family This Holiday
Scam How to

4th of July Scams: How to Protect Yourself and Family This Holiday
Alina BÎZGĂ

July 02, 2024

3 min read
Coupon Scams: What They Are, How They Happen, and How to Protect Yourself
Scam How to

Coupon Scams: What They Are, How They Happen, and How to Protect Yourself
Alina BÎZGĂ

July 01, 2024

5 min read

Bookmarks

loader