Reddit has confirmed that hackers accessed its source code and internal documents following a successful phishing cyberattack on Sunday. The breach saw hundreds of current and former employees have their details exposed, as well as some advertiser information.
Reddit CTO Christopher Slowe, known as KeyserSosa on Reddit, posted on the platform that Reddit systems have been hacked as a result of “a sophisticated and highly targeted phishing attack.”
Reddit cyberattack: phishing campaign successful
According to the post, the cybercriminals launched a phishing campaign targeting Reddit employees. Those who fell for it were led to a page that copied the company’s intranet portal. “The attacker sent out plausible sounding prompts pointing employees to a website that cloned the behaviour of our intranet gateway, in an attempt to steal credentials and second factor tokens,” Slowe said.
The attack was successful with one employee, leading the cybercriminals to access “some internal docs, code, as well as some internal dashboards and business systems,” Slowe added. Contact information for hundreds of current and employees was exposed, along with the advertiser information.
Despite this level of access, criminals did not manage to get their hands on anything that could lead to damaging the system, Stowe claimed. “We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data),” he said.
The attack was short lived, as the employee who fell for the phishing attempt self-reported and the security team was able to shut down the access before any real damage was done, he said.
What should Reddit users do after cyberattack?
Stowe is advising Reddit’s 50 million daily users to implement multi-factor authentication and a password manager in order to protect themselves from negative consequences of such attacks on forums they may be a part of.
Reddit was the victim of a far more serious attack in 2018, where attackers accessed a complete copy of Reddit data from 2007, which included the first two years of the site’s operations, including usernames, emails, passwords, private messages and public posts.
Commenting on the safety of the individual Reddit users in the wake of this attack, Paul Bischoff, consumer privacy advocate at Comparitech said, “Two-factor authentication has long been one of the best ways to prevent compromised passwords from being abused by attackers. This attack shows how, even with 2FA enforced, users can be phished and their accounts hacked. The incident underscores the need to train all staff who use internet-connected devices to spot and handle phishing messages.”
This sort of attack should serve as a warning to all well established companies, a good phishing attack can fool anyone. “Phishing is one of the oldest tools in the cyber criminal’s playbook and is ultimately a matter of email security. This latest phishing attack on Reddit shows that even longstanding and prestigious tech players can fall victim to email security pitfalls,” Bischoff added.
“This attack signals that there needs to be a more concerted effort to develop and deliver the technical tools that minimise employees’ exposure to bogus emails. And possibly the most pivotal tool in this struggle is email authentication protocols, many of which are woefully under-adopted by industry.”