Reddit has been breached by a hacker, who gained access to the site's internal business systems and stole internal documents and source code. The threat actors got in by luring Reddit employees with a phishing attack.
The Cyber Attack
The hackers conducted the phishing attack by creating a landing page that looked and behaved like Reddit's intranet site. It was an attempt to acquire an employee's credentials and two-factor authentication token.
Unfortunately, the phishing attack worked on one of Reddit's employees. The employee immediately reported the breach to the company's security team on February 5th, as mentioned in Bleeping Computer, which is how the company learned about the attack.
Through this, the threat actor gained access to internal documents, code, internal dashboards, and business systems. Reddit says there were no signs that the hackers breached the company's primary production systems, which run Reddit and store its data.
Among the exposed data was limited contact information for hundreds of company employees, both current and former, as well as limited advertiser information. The attack has been investigated by security, engineering, and data science for several days.
In the initial investigation, Reddit claims that there was no evidence to suggest that any users' non-public data had been accessed. There were also no signs that Reddit's information was published or distributed online, or put up for ransom.
How Reddit Resolved It
The company's security team quickly removed the threat actor's access after the employee's report and started an internal investigation. There have been other phishing attacks similar to the one that was reported, which is why the company is monitoring the situation closely.
Reddit is still investigating the issue and is working with its staff to "fortify" their security. It also mentioned that the human element is the weakest part of the security chain. Reddit also reminded its users to protect their Reddit accounts.
To do so, it was suggested that users should set up two-factor authentication to add an extra layer of security when accessing their accounts. It was also recommended that a user update their password every few months, using a strong and unique password.
Other Similar Incidents
Much can be learned from the incident at Reddit, just as the company learned from the breach that happened five years ago, in which attackers accessed user data such as email addresses and a 2007 database backup that held old salted and hashed passwords.
Those attackers also got into the system by getting hold of employee accounts, which they did by intercepting an employee's SMS carrying the authentication code needed for the company's SMS-based two-factor authentication.
This was also the case for Riot Games when they were breached in late January 2023. The hackers accessed the company's source code as well as its anti-cheat platform for both League of Legends and Teamfight Tactics.
The breach was made possible through a social engineering attack. The stolen data was put up for ransom, and when Riot Games refused to pay, the hacker attempted to auction Riot Games' source code online starting at $1 million.