- 5 easy ways to transfer photos from your Android device to your Windows PC
- How to get Google's new Pixel 9a for free
- Just installed iOS 18.4? Changing these 3 features made my iPhone much better to use
- 7 strategic insights business and IT leaders need for AI transformation in 2025
- The most underrated robot vacuum I've ever tested is now 60% off
Reddit Hit By Phishing Attack, Source Code Stolen
Reddit suffered a cyber-attack after its internal systems were breached on February 05 due to a “sophisticated” and “highly-targeted” phishing attack that led to employee credential compromise.
“The attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway in an attempt to steal credentials and second-factor tokens,” the company wrote on Thursday.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.”
However, Reddit said there was “no indication” of a breach of the company’s primary production systems, where most of its data is stored.
“Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information,” reads the disclosure.
“Based on several days of the initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed or that Reddit’s information has been published or distributed online.”
According to CyberSmart CEO Jamie Akhtar, the breach is a perfect example of the maxim ‘your staff are your most valuable security asset.’
“Despite Reddit having excellent technical security controls in place, cyber-criminals were able to breach its defenses simply by targeting its staff,” Akhtar told Infosecurity in an email.
“Training can help your people better recognize and understand the threats they face. And, more importantly, learn how to avoid them in the first place.”
Erfan Shadabi, a cybersecurity expert with data security specialists comforte AG, echoed Akhtar’s point, adding that a culture of data security and privacy must be sponsored from the top down.
“[This], along with a corporate culture that encourages employees to analyze requests for sensitive data no matter how much time it takes, can turn the tide on this ever-present trend of phishing attacks.”
The Reddit breach comes months after security company Cerby published a report suggesting that the security shortcomings of Reddit and other social media could lead to disinformation.
