Reddit Hacked in “Sophisticated Phishing” Attack: What You Need to Know
In a recent announcement, Reddit, a popular social news site, revealed that it suffered a cyberattack on February 5th, 2021. According to the company, the attackers used a “sophisticated phishing” technique to target their employees.
This article will provide more information on what happened and how Reddit has responded.
On Sunday night, Reddit disclosed that the attack occurred and that they became aware of it on February 9th. The attackers accessed internal documents, codes, dashboards, and business systems. However, Reddit insists there is no evidence of a security breach on the systems running the platform and storing most of their data. While some data was stolen, including details of their advertisers, passwords and credit card information was not compromised.
Reddit has already investigated the matter, but details are still scarce. The company believes that the attackers accessed their data using a targeted phishing campaign. The attackers sent “plausible-sounding prompts” to employees, which redirected them to a website posing as the company’s intranet portal. Their intention was to steal information and two-factor authentication (2FA) tokens. Unfortunately, the attackers were successful in stealing one employee’s credentials. However, this incident prompted the security team to act immediately, and the attackers’ access was removed.
The company assures its users that personal user and non-public data was not compromised, and the stolen information has not been published or distributed online. However, some internal documents, codes, and business systems were accessed.
Reddit Recommendation to Users
Reddit recommends that users protect their data, such as setting up two-factor authentication (2FA) on their accounts. The platform also suggests that users update their passwords monthly, although security professionals generally advise against this practice. A password manager can help you create a strong and hard-to-guess password or passphrase.
Despite Reddit’s assurance that personal users and businesses were not affected, it is still recommended that users change their Reddit account password. With cyberattacks, it is best to be safe than sorry. Reddit has been a victim of cyberattacks several times, and the company has always been transparent and upfront with such incidents. However, it’s worth noting that “we don’t think any of your personal data has been hacked” has become their response before they announce a large breach.
Reddit’s recent cyberattack highlights the importance of staying vigilant and protecting your data. While the company claims that personal user and non-public data was not compromised, it is still recommended that users take necessary precautions to secure their accounts. Following Reddit’s recommendations, users can add more protection and keep their data safe.
Currently acting as a Director of Managed Services, which coordinates IT efforts to ensure uptime, scalability, performance, and security. I look to ensure that our customers are getting the very best from our team, available technology, and ensuring that we are building trust.
Are You Looking For A New IT Company?
Congratulations! You're In The Right Place.
Mainstreet IT Solutions has successfully helped numerous organizations make the transition to a great IT services relationship. We can help you as well.
Local IT service professionals
IT help desk located in Pennsylvania
Expertise in all the latest technologies
Deep understanding of Microsoft solutions
Protecting your data is a primary focus
And much more.
Click the button below to schedule your initial meeting with our team from Mainstreet IT Solutions.