View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 10, 2023

Reddit phishing cyberattack exposes employee data

By spoofing the company's intranet portal, attackers managed to access internal data, the platform has revealed.

By Claudia Glover

Reddit has confirmed that hackers accessed its source code and internal documents following a successful phishing cyberattack on Sunday. The breach saw hundreds of current and former employees have their details exposed, as well as some advertiser information.

Reddit falls fowl of phishing attack. (Photo by Ink Drop/Shutterstock)

Reddit CTO Christopher Slowe, known as KeyserSosa on Reddit, posted on the platform that Reddit systems have been hacked as a result of “a sophisticated and highly targeted phishing attack.”

Reddit cyberattack: phishing campaign successful

According to the post, the cybercriminals launched a phishing campaign targeting Reddit employees. Those who fell for it were led to a page that copied the company’s intranet portal. “The attacker sent out plausible sounding prompts pointing employees to a website that cloned the behaviour of our intranet gateway, in an attempt to steal credentials and second factor tokens,” Slowe said.

The attack was successful with one employee, leading the cybercriminals to access “some internal docs, code, as well as some internal dashboards and business systems,” Slowe added. Contact information for hundreds of current and employees was exposed, along with the advertiser information.

Despite this level of access, criminals did not manage to get their hands on anything that could lead to damaging the system, Stowe claimed. “We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data),” he said.

The attack was short lived, as the employee who fell for the phishing attempt self-reported and the security team was able to shut down the access before any real damage was done, he said.

What should Reddit users do after cyberattack?

Stowe is advising Reddit’s 50 million daily users to implement multi-factor authentication and a password manager in order to protect themselves from negative consequences of such attacks on forums they may be a part of.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Reddit was the victim of a far more serious attack in 2018, where attackers accessed a complete copy of Reddit data from 2007, which included the first two years of the site’s operations, including usernames, emails, passwords, private messages and public posts.

Commenting on the safety of the individual Reddit users in the wake of this attack,  Paul Bischoff, consumer privacy advocate at Comparitech said, “Two-factor authentication has long been one of the best ways to prevent compromised passwords from being abused by attackers. This attack shows how, even with 2FA enforced, users can be phished and their accounts hacked. The incident underscores the need to train all staff who use internet-connected devices to spot and handle phishing messages.”

This sort of attack should serve as a warning to all well established companies, a good phishing attack can fool anyone. “Phishing is one of the oldest tools in the cyber criminal’s playbook and is ultimately a matter of email security. This latest phishing attack on Reddit shows that even longstanding and prestigious tech players can fall victim to email security pitfalls,” Bischoff added.

“This attack signals that there needs to be a more concerted effort to develop and deliver the technical tools that minimise employees’ exposure to bogus emails. And possibly the most pivotal tool in this struggle is email authentication protocols, many of which are woefully under-adopted by industry.”

Read more: UK phishing attacks target cost of living problems

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.