TRENDING:

Identity & Access Management , Incident & Breach Response , Security Operations

Reddit Data Breach Leaks Code, Internal Data

Breach Phished Employee Credentials Prajeet Nair (@prajeetspeaks) • February 10, 2023    
Reddit Data Breach Leaks Code, Internal Data
Image: Shutterstock

Reddit says hackers penetrated its internal systems via a phishing attack but that user passwords and accounts appear safe.

See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm

The self-proclaimed "front page of the internet" says hackers gained access to its internal documents, code and some internal business systems.

The attack campaign uncovered on Sunday targeted Reddit employees. Attackers sent "plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens" the company said.

"After successfully obtaining a single employee's credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems."

Reddit says it is continuing to investigate and monitor the situation closely and working with its employees to fortify their security skills.

"Based on several days of the initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit's information has been published or distributed online."

The hackers did obtain some contact information for company contacts and current and former employees "as well as limited advertiser information."

A spokesperson for Reddit was not immediately available to comment.

Previous
Merck Germany Exec on Why FIDO is Still Such a Tough Sell
Next
Play Ransomware Lists A10 Networks on Its Leak Site

About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



Around the Network

How to Simplify Data Protection within your Organization
How to Simplify Data Protection within your Organization
Integrating Generative AI Into the Threat Detection Process
Integrating Generative AI Into the Threat Detection Process
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
Are We Facing a Massive Cybersecurity Threat?
Are We Facing a Massive Cybersecurity Threat?
Top Privacy Considerations for Website Tracking Tools
Top Privacy Considerations for Website Tracking Tools
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.