Reddit has confirmed it recently suffered what appears to have been a fairly significant cyberattack that saw attackers make off with sensitive company data.
In a security notice, Reddit described the incident as a “sophisticated and highly-targeted phishing attack”.
The company noted that the attackers specifically targeted Reddit, setting up a fake intranet site which, in reality, was nothing more than a phishing landing page designed to steal Reddit employees’ login credentials and multi-factor authentication (MFA) tokens. It appears that no malware was used.
Internal documents accessed
After targeting an unknown number of employees, one fell for the trick, giving the attackers access to internal Reddit systems. There, they accessed sensitive data and Reddit source code.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” Reddit explained in the announcement.
“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
The announcement also suggested that users shouldn’t be too worried about their accounts: “Based on our investigation so far, Reddit user passwords and accounts are safe,” it said.
Reddit said it was alerted to the cyberattack by the victim themselves, who reported it to the company’s security team. Further investigation has determined, BleepingComputer reports, that among the data stolen is contact information for company contacts, as well as contact information for current and former employees.
The crooks also took data about company advertisers.
Reddit remains operational and the cyberattack didn’t affect its performance in any way, the company concluded. It also said that it found no evidence the attackers were able to breach production systems used to run the website.
Via: BleepingComputer