Reddit has become a victim of yet another data breach, in which threat actors have accessed the company’s internal documents, dashboards, business systems, and more.
On Thursday, Reddit confirmed that the platform had become a target of a sophisticated phishing attack on February 5th, 2023. The company revealed that the attackers targeted its employees by sending out plausible-sounding prompts via a website that looked exactly like Reddit’s intranet gateway. The objective of this attack was to steal credentials and second-factor tokens.
The incident should not come as a surprise, as companies such as Cisco, Twilio, GoDaddy, and others have suffered security breaches due to employees lacking cybersecurity knowledge.
According to Reddit, Several employees received malicious emails sent via a fake website. One of the employees entered their credentials into this cloned website, which allowed the attacker(s) to hack into Reddit. Reddit asserts that its primary production system wasn’t breached, where Reddit stores most of its data.
After the affected employee informed the Security team, the team learned about the attack, and Reddit then launched an investigation into the incident. The company responded to the incident by removing the invader’s access to its system.
“We’re continuing to closely investigate and monitor the situation and working with our employees to fortify our security skills. As we all know, the human is often the weakest part of the security chain.”
Reddit
Reddit CTO Christopher Slowe wrote that the attacker could access internal documents, dashboards, and business systems. Exposed data includes limited contact information of company contacts, which are currently in the hundreds, and current/former employees’ data. Reddit noted that limited advertiser info was also exposed.
The company, however, has assured Redditors that their data is secure and was not affected in this incident. “Based on our investigation so far, Reddit user passwords and accounts are safe,” the company’s spokesperson stated.
They further noted that after several days-long investigations by security, engineering, and data science (and friends), the company didn’t find any evidence that its customers’ non-public data was accessed or Reddit’s data was published/distributed online.
In a comment to Hackread.com, Sam Humphries, Head of Security Strategy, EMEA, Exabeam said that “This latest incident is yet another reminder that all it takes is one employee’s credentials to be stolen to open the door to an organisation’s internal systems.”
“Fortunately, in the case of Reddit, the targeted employee self-reported the incident to their security team, allowing for prompt investigation and response,” Sam added.
He further advised that “Organisations need to place as much (if not more) emphasis on detection as prevention. This will allow them to more efficiently and effectively identify malicious behaviour indicative of a compromised employee account and minimise data theft.”
Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity, pointed out a crucial weakness: employees with no education on cybersecurity. “It’s also crucial to ensure staff are properly trained to identify threats,” Matt emphasised.
“There’s no use investing in sophisticated cybersecurity software and services if employees continue to click on dangerous phishing links that slip through the net, in turn granting cybercriminals access to the business network – It’s like turning on a fancy home security alarm, but leaving a window open – you’ll be left playing catch-up after the bad guys get in,” Matt added.
Nevertheless, Reddit recommends that users switch to two-factor authentication. Slowe also hosted an AMA to answer queries related to the incident and confirmed that the employee who had self-reported the incident wasn’t fired but had been shifted to stocks as a punishment.