Reddit suffered a cyber-attack immediately after its interior techniques were breached on February 05 because of to a “sophisticated” and “highly-targeted” phishing attack that led to employee credential compromise.
“The attacker sent out plausible-sounding prompts pointing personnel to a web site that cloned the behavior of our intranet gateway in an attempt to steal credentials and 2nd-factor tokens,” the business wrote on Thursday.
“After correctly acquiring a one employee’s credentials, the attacker acquired entry to some inside docs, code, as effectively as some interior dashboards and small business devices.”
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
Even so, Reddit explained there was “no indication” of a breach of the company’s principal production methods, where by most of its facts is stored.
“Exposure incorporated minimal get in touch with data for (at the moment hundreds of) enterprise contacts and personnel (existing and former), as well as constrained advertiser information and facts,” reads the disclosure.
“Based on several times of the first investigation by security, engineering, and facts science (and buddies!), we have no proof to counsel that any of your non-community knowledge has been accessed or that Reddit’s data has been released or dispersed online.”
According to CyberSmart CEO Jamie Akhtar, the breach is a perfect case in point of the maxim ‘your personnel are your most valuable security asset.’
“Despite Reddit obtaining excellent technological security controls in location, cyber-criminals have been capable to breach its defenses basically by focusing on its personnel,” Akhtar told Infosecurity in an email.
“Training can assist your men and women improved understand and fully grasp the threats they face. And, far more importantly, understand how to steer clear of them in the first place.”
Erfan Shadabi, a cybersecurity specialist with info security experts comforte AG, echoed Akhtar’s stage, including that a lifestyle of details security and privacy ought to be sponsored from the best down.
“[This], along with a company lifestyle that encourages workforce to evaluate requests for delicate facts no matter how substantially time it can take, can turn the tide on this ever-existing pattern of phishing attacks.”
The Reddit breach will come months right after security business Cerby revealed a report suggesting that the security shortcomings of Reddit and other social media could lead to disinformation.
Some parts of this posting are sourced from: