Hundreds of company contacts, advertiser and employees data is stolen.
Reddit, one of the largest social media platforms, suffered a security breach on February 5th, in which threat actors were able to access internal documents and source code. The company confirmed that the attack was carried out through a spear-phishing attack.
Spear-phishing attacks are a type of cyber attack in which an attacker targets a specific organization or individual, using information obtained through social engineering tactics, such as email or instant messaging, to trick the target into revealing sensitive information or installing malware. In Reddit’s case, the attackers were able to gain access to sensitive information by tricking an employee into revealing login credentials.
In response to the breach, Reddit posted an official announcement on their website, detailing what they know about the attack and the steps they have taken to mitigate its impact. Here’s what it says:
What is important to retain is that Reddit confirms that “Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information.”
Even though the company ensures that there’s no evidence that any user data has been accessed by the threat actors, many Reddit users are still concerned. The company, in their turn, proposes to use 2FA (two-factor authentification) for users to protect their accounts from the cyber criminals.
Many Reddit users are questioning why the employee who was targeted by the attackers did not use a password manager that would indicate domain difference. Additionally, some users are also questioning if Reddit invests enough in employee phishing training. Phishing training is an essential part of a comprehensive security awareness program, and it helps to educate employees on the tactics used by attackers to steal sensitive information and the steps they can take to protect themselves and their organizations from these types of attacks.
The Kaduu Team believes that once hackers obtain source code, it is more likely for them to find any vulnerabilities in the company’s systems that weren’t visible before. They also gain knowledge of internal processes and services. All of these rise security risks and chances of being hacked again.
If you liked this article, we advise you to read our previous article about Puma sportswear data breach. Follow us on Twitter and LinkedIn for more content.
Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.