Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Reddit struck by phishing attack, some employee information compromised

Chat and news aggregation site Reddit has reported that it was the target of a successful phishing attack on 5 February.

user icon David Hollingworth
Fri, 10 Feb 2023
Reddit struck by phishing attack, some employee information compromised
expand image

Investigations are ongoing, but so far, Reddit reports that “limited contact information” of hundreds of employees has been accessed. Reddit has not offered details but has assured users in a post in r/reddit that no non-public data has been accessed, nor have any passwords or similar data.

The phishing attack led an employee to a site that mimicked Reddit’s own intranet gateway, which allowed the person behind the phishing attack to access that employee’s credentials. They were then able to access some internal files and dashboards, as well as some “internal business systems”.

However, it looks like no primary systems were accessed, nor any part of the stacks that actually run Reddit or where most of the company’s data is stored.

So far, none of the data that was accessed has been posted online, either.

One of the possible reasons the breach was not more of a problem is that the employee who was phished realised what had happened, and reported the attack right away. This allowed Reddit’s security team to curtail access to its systems and begin looking into what had happened.

“We’re continuing to investigate and monitor the situation closely and working with our employees to fortify our security skills,” a spokesperson said in a post.

“As we all know, the human is often the weakest part of the security chain.”

Reddit is continuing to monitor the incident and has suggested all its users enable two-factor authentication on their accounts.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.