Reddit Discloses Security Breach Affecting Internal Docs

The popular social media giant Reddit has become the latest victim of a cyber attack. According to the official disclosure, the security breach happened when attackers targeted Reddit systems following a phishing attack. While users’ accounts remained unaffected, the breach exposed internal documents and other sensitive data to the attackers.

Reddit Security Breach Targeted Its Servers

Sharing the details on their official subreddit, the platform owners revealed a serious security breach that hit Reddit’s networks early on February 5, 2022.

As disclosed through their post, the service detected a sophisticated phishing attack targeting Reddit employees. The attack attempted to lure the staff into surrendering their login credentials and verification tokens by redirecting them to a fake intranet gateway.

As often happens in such cases, one of the employees fell victim to the attack. The attackers then used the stolen credentials to access Reddit’s internal data. The breached data includes internal documents, code, business systems and dashboards, advertiser information, and employee data.

Nonetheless, Reddit confirmed that the incident didn’t impact the core systems that ‘run’ Reddit. Nor did it affect Reddit users’ accounts.

“Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.”

Reddit elaborated that they quickly responded to the security breach as the affected employee self-reported the matter shortly after the incident. Hence, they blocked the attackers’ access and secured their network.

What Should You Do?

Although Reddit has confirmed no apparent effect on users’ accounts or their login credentials, it’s still good to practice caution to avoid digital mishaps.

Hence, Reddit advises users to enable two-factor authentication on their accounts to ensure secure logins. They also recommend using a password manager, since password managers not only store passwords but also keep users from filling in login credentials on phishing sites. That’s because “the domains won’t match,” as Reddit says.
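What “the domains won’t match” means in practice, shown as an added example that is not from Reddit or the original article: a password manager looks up a saved login by the page’s exact origin, so a lookalike gateway gets nothing to fill. The vault entry, the function names and all URLs are constructed for illustration.

```javascript
// Added example: origin-bound autofill, the check behind "the domains won't match".
// The vault entry and every URL below are constructed sample values.
const vault = [
  { origin: "https://www.reddit.com", username: "alice", password: "constructed-secret" },
];

// Return the saved login only when the page's origin (scheme + host + port)
// is exactly the origin the login was saved for; otherwise return null.
function credentialFor(pageUrl, entries = vault) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparsable address: never fill
  }
  if (url.protocol !== "https:") return null; // no fill over plaintext HTTP
  // URL.origin is normalised: host lower-cased, non-ASCII labels converted
  // to punycode, default port dropped, userinfo ignored.
  return entries.find((e) => new URL(e.origin).origin === url.origin) ?? null;
}

// Report, for each address, whether the manager would offer to fill.
function audit(urls) {
  return urls.map((u) => ({ url: u, filled: credentialFor(u) !== null }));
}

const samples = [
  "https://www.reddit.com/login",                 // the saved site
  "https://WWW.REDDIT.COM:443/login",             // same origin after normalisation
  "http://www.reddit.com/login",                  // wrong scheme
  "https://www.reddit.com.sso-gateway.example/",  // real name used as a subdomain label
  "https://www.reddit.com@sso-gateway.example/",  // real name in the userinfo part
  "https://www.redd\u0456t.com/login",            // Cyrillic letter in place of "i"
];

for (const row of audit(samples)) {
  console.log(row.filled ? "fill  " : "refuse", row.url);
}
```

A person reading the address bar can miss the last three cases; the exact-origin comparison does not.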
