Reddit was the victim of a security breach last Sunday night, allowing threat actors to access some of its sensitive data.
Reddit claims that the attackers used a sophisticated phishing campaign to create a fake but legitimate landing page for its intranet site. This is a scam to steal employees’ login credentials and two-factor authentication codes.
One employee fell for the phishing scheme, which allowed the threat actors to access Reddit’s code and internal documents. The company claimed no evidence was found that its primary production systems had been compromised.
Reddit says it became conscious of the incident after the employee who fell for the phishing attack self-reported the matter to the company’s security team. The team responded by blocking access to the infiltrator and initiating an internal investigation.
Reddit stated that the exposure included limited contact information of company contacts and employees (current and former), as well as information about the advertiser.
Based on several days of the initial investigation by security engineers, data scientists (and others), We have no evidence that your private data has been accessed or that Reddit’s information was published or distributed online.
The company stated that it would continue to monitor and investigate the incident. The company is working with employees to improve their security skills.
Always be cautious when downloading attachments or opening links from unsolicited email messages to avoid phishing attacks. You should also check the URL of any website you visit regularly. If the URL does not start with “reddit.com,” “paypal.com,” or something else, it is likely to be fraudulent. To make it more difficult for cybercriminals, enable multifactor authentication.
- Getty Images Claims Stable Diffusion Has Stolen 12 Million Copyrighted Images, Demands $150,000 For Each Image