Reddit disclosed an attack incident that exposed its source code

February 22, 2023

The popular discussion and social news platform Reddit disclosed that threat actors had gained unauthorised access to its source code repository and some contact details for hundreds of its current and past employees.

The US-based social platform has approximately 52 million users worldwide and employs around 700 staff across its offices. Reddit is a common place for users to post and comment on discussions, queries, and insights, which other users can vote up or down.

A sophisticated and targeted phishing attack paved the way for hackers to infiltrate Reddit.

Based on reports, the cybersecurity incident began with an employee credential stolen through a phishing website that impersonated Reddit’s intranet portal. The attackers used this credential to access the company’s networks, exposing its internal documents, source code, dashboards, and business systems.

According to a statement released by the social platform, users’ account passwords and the company’s production systems were not part of the compromise.

While investigations into the incident show no misuse of non-public data or theft of user data, Reddit still warned millions of its users to be vigilant against potential threats from attackers. Activating multi-factor authentication and changing account passwords to stronger ones are highly recommended.

Moreover, the employee whose credentials were used in the breach self-reported the incident to Reddit’s security team. Upon learning of the issue, the social platform promptly launched incident response measures and investigations to identify the attack’s scope.

The company described the incident as a highly targeted phishing attack.

In 2018, the popular social discussion platform also suffered a cyberattack that compromised users’ data, email addresses, and a database of hashed passwords from the site’s first launch in 2005 to May 2007.

Reddit addressed this five-year-old issue in its latest incident report to users and explained that many of the lessons learned from that past security incident have been useful in keeping the platform safe and secure for all users.
