Reddit suffers security breach after employee falls for phishing attack

Reddit suffers security breach after employee falls for phishing attack

Reddit experienced a security incident last Sunday evening, enabling threat actors to gain access to some of the platform's sensitive data.

According to Reddit, the attack was made possible through a "sophisticated phishing campaign" wherein cybercriminals created a fraudulent yet legitimate-looking landing page of its intranet site. This is a ruse to steal employees' login credentials and two-factor authentication codes.

One employee eventually fell victim to the phishing scam, allowing the threat actors to infiltrate Reddit's code, internal documents, and some internal dashboards and business systems. Despite this, the company claims that there were no indications that its primary production systems were breached.

Reddit says that it became aware of the incident after the employee who fell for the phishing attack self-reported the issue to the company's security team. The team responded by removing the infiltrator’s access and initiating an internal investigation.

"Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information," Reddit stated in its post. "Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online."

The company announced that it is continuing to investigate and monitor the incident closely. It is also working with employees to fortify their security skills.

To stay safe from phishing attacks, always be careful when opening links or downloading attachments from unsolicited emails. Regularly check the URL of the website you're visiting as well. For instance, if the URL doesn't start with "reddit.com" or "paypal.com," or shows something completely different, it's likely fraudulent. Finally, make sure to enable multifactor authentication if available to make it harder for cybercriminals to infiltrate your account.