Social media platform Reddit has been breached in a phishing attack

Social media platform Reddit has moved to reassure users that their data is safe after a cyber attack on its systems, in which an unspecified threat actor gained unauthorised access to a limited number of internal documents, code and some internal business systems.

The breach came to light on Sunday 5 February 2023, when Reddit's security team became aware of a "sophisticated" and highly targeted phishing attack, in which Reddit employees received plausible-looking email prompts that directed them to a cloned version of the company's intranet gateway.

Unfortunately, one Reddit employee was successfully tricked into entering their credentials and a multi-factor authentication (MFA) token into the cloned gateway, giving the threat actor access to Reddit's internal systems. A one-time code typed into a look-alike site can simply be relayed to the real gateway within its validity window, so OTP-style MFA does not by itself stop this kind of real-time phishing; only authenticators that bind the response to the genuine site's origin do.
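The relay the article describes is easy to see in code. The following is an added example, not code from the article or from Reddit: a toy simulation in which a cloned gateway harvests a password plus a TOTP code and replays them to the real gateway, contrasted with an origin-bound (WebAuthn-style) challenge that the clone cannot relay. Every user, secret, origin and class name (`REAL_ORIGIN`, `CLONE_ORIGIN`, `Gateway`, `authenticator_sign`, and so on) is constructed for the demonstration, and an HMAC stands in for the authenticator's public-key signature so the script runs with the standard library only.

```python
"""Added example, not part of the article or of Reddit's own systems.

Simulates the attack described above: a cloned intranet gateway captures
a password plus a one-time MFA code and relays them to the real gateway,
versus an origin-bound (WebAuthn-style) challenge that a look-alike site
cannot relay. All names, secrets and URLs are constructed; HMAC stands in
for the authenticator's asymmetric signature (assumption for brevity).
"""
import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://intranet.example.com"    # constructed real gateway
CLONE_ORIGIN = "https://intranet-example.com"   # constructed look-alike

# Constructed user record: password, TOTP seed and an authenticator key.
USERS = {
    "alice": {
        "password": "correct horse battery staple",
        "totp_seed": b"0123456789abcdef0123",
        "auth_key": b"authenticator-key-for-alice",
    }
}


def totp(seed: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1 + dynamic truncation) for the window containing `now`."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def authenticator_sign(key: bytes, challenge: str, origin: str) -> tuple[str, str]:
    """What browser + authenticator produce: the signed client data carries the
    origin the browser is actually connected to, which the user cannot override."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    return client_data, sig


class Gateway:
    """The real intranet gateway, offering both login methods."""

    def __init__(self) -> None:
        self.pending = None  # outstanding origin-bound challenge, single use

    def _password_ok(self, user: str, password: str) -> bool:
        rec = USERS.get(user)
        return rec is not None and hmac.compare_digest(password, rec["password"])

    # Method 1: password + TOTP. Nothing ties the code to where it was typed.
    def login_otp(self, user: str, password: str, code: str, now: float) -> bool:
        return self._password_ok(user, password) and hmac.compare_digest(
            code, totp(USERS[user]["totp_seed"], now))

    # Method 2: password + origin-bound challenge/response.
    def challenge(self) -> str:
        self.pending = secrets.token_hex(16)
        return self.pending

    def login_origin_bound(self, user: str, password: str, client_data: str, sig: str) -> bool:
        if not self._password_ok(user, password) or self.pending is None:
            return False
        data = json.loads(client_data)
        expected = hmac.new(USERS[user]["auth_key"], client_data.encode(), hashlib.sha256).hexdigest()
        ok = (data.get("origin") == REAL_ORIGIN          # anything signed for a look-alike is refused
              and data.get("challenge") == self.pending
              and hmac.compare_digest(sig, expected))
        self.pending = None
        return ok


def otp_relay_phish(gw: Gateway, now: float) -> bool:
    """Victim types password and current TOTP code into the clone; the attacker
    forwards both to the real gateway 5 s later, inside the same 30 s window."""
    captured_code = totp(USERS["alice"]["totp_seed"], now)   # what the clone harvested
    return gw.login_otp("alice", USERS["alice"]["password"], captured_code, now + 5)


def origin_bound_relay_phish(gw: Gateway) -> bool:
    """Same relay against the origin-bound method: the attacker fetches a real
    challenge and passes it through the clone, but the victim's browser stamps
    CLONE_ORIGIN into the signed data, so the real gateway rejects it."""
    challenge = gw.challenge()
    client_data, sig = authenticator_sign(USERS["alice"]["auth_key"], challenge, CLONE_ORIGIN)
    return gw.login_origin_bound("alice", USERS["alice"]["password"], client_data, sig)


def origin_bound_legit_login(gw: Gateway) -> bool:
    """Control case: the same flow from the genuine origin succeeds."""
    challenge = gw.challenge()
    client_data, sig = authenticator_sign(USERS["alice"]["auth_key"], challenge, REAL_ORIGIN)
    return gw.login_origin_bound("alice", USERS["alice"]["password"], client_data, sig)


if __name__ == "__main__":
    gw = Gateway()
    t = 1_200_000.0   # fixed timestamp (start of a 30 s window) so the run is reproducible
    print("OTP relayed through clone accepted?       ", otp_relay_phish(gw, t))        # True
    print("origin-bound relayed through clone ok?    ", origin_bound_relay_phish(gw))  # False
    print("origin-bound login from real origin ok?   ", origin_bound_legit_login(gw))  # True
```

The point is the difference between the two failures: the TOTP gateway has no way to know the code was typed into a clone, while the origin-bound gateway rejects the relayed response because the origin is part of what was signed. That is the property FIDO2/WebAuthn authenticators provide and that codes, push approvals and SMS do not.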

However, there is no evidence at this stage of any breach of the company's primary production systems, that is, the parts of its IT stack that run the public-facing Reddit website and store most of its user data.

"The exposure — currently in the hundreds — includes limited contact information for company contacts and employees — current and former — as well as limited advertiser information," said Reddit chief technology officer Chris Slowe (aka KeyserSosa) in a post on the r/reddit subreddit detailing the incident.

"Based on several days of preliminary investigation by security, engineering and data science (and friends), we have no evidence that any of your non-public data was accessed, or that Reddit's information was published or distributed online.

“Soon after being phished, the affected employee self-reported, and the security team responded quickly, removing the intruder’s access and launching an internal investigation. Similar phishing attacks have been reported recently.”

Slowe added: "We are continuing to investigate and monitor the situation closely, and are working with our staff to strengthen our security capabilities. As we all know, people are often the weakest link in the security chain. Our goal is to fully understand and prevent future incidents of this nature."

Regardless of whether they were affected, he advised Reddit users to set up MFA on their Reddit accounts to add an extra layer of security when accessing the service, and to use strong, unique passwords that are changed frequently.

Lessons learned

He added that the impact of this breach was likely minimised thanks to lessons learned from a previous incident in 2018, which exposed user email addresses and salted, hashed passwords from a 2007 database backup.

The 2018 attack exploited a weakness in SMS-based MFA to bypass security controls that should have stopped it, and Reddit subsequently moved away from SMS-based MFA.

Javvad Malik, lead security awareness advocate at KnowBe4, described Reddit's response to the latest incident as "exemplary".

"While a breach or incident is never a happy event, it is always better to move forward with transparency and practical advice," said Malik.

“We saw in this incident that despite apparently having MFA, a user was still phished, serving as a timely reminder that no single layer of protection is completely foolproof.

“Perhaps the biggest takeaway for organizations from this incident is that the user who was phished realized their error and reported the issue, which allowed Reddit’s security team to quickly investigate the issue,” he added. “This is why user training is so important, so people not only know how to identify a phishing email, but also how to report it.

"While it's one thing to have a method for reporting phishing, it's important to have a security culture that allows employees to confidently report issues without fear of negative repercussions."
