Reddit, one of the world’s most popular websites, suffered a cyberattack on Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code. The following lines will explain the details.
The cyberattack that affected Reddit
The company revealed that the hackers employed a phishing lure, targeting Reddit staff with a landing page that imitated its intranet site. This page attempted to acquire employees’ credentials and two-factor authentication tokens.
When the phishing attack tricked one employee, the threat actor was able to gain access to Reddit’s internal systems and steal data and source code. “After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explains Reddit.
Reddit revealed that an employee self-reported the breach to their security team. Upon investigation, they found that the stolen data included limited contact information for company contacts and current and former employees and some details about the company’s advertisers.
However, credit card information, passwords, and ad performance were not accessed. Additionally, there are no signs that the threat actors were able to breach the production systems used to run the website.
So far, Reddit has not disclosed any information about the phishing incident, but they did refer to a similar attack that was used to breach Riot Games.
The cyberattack on Reddit is a reminder that even the most popular websites can be vulnerable to attack. It is important to stay vigilant and take steps to protect yourself and your business.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Photo by Brett Jordan on Unsplash.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp