Well-known social news aggregation platform Reddit has disclosed that it was the target of a security incident that enabled unidentified menace actors to gain unauthorized obtain to interior paperwork, code, and some unspecified organization methods.
The company blamed it on a “complex and very-specific phishing attack” that took area on February 5, 2023, targeting its staff members.
The attack entailed sending out “plausible-sounding prompts” that redirected to a web site masquerading as Reddit’s intranet portal in an try to steal credentials and two-factor authentication (2FA) tokens.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
A solitary employee’s credentials is reported to have been phished in this fashion, enabling the risk actor to accessibility Reddit’s interior devices. The influenced personnel self-reported the hack, it additional extra.
The organization, nonetheless, stressed that there is no evidence to counsel that its creation devices ended up breached or that users’ non-public info has been compromised. There is no sign that the accessed information has been released or distributed online.
“Exposure provided restricted call data for (at this time hundreds of) business contacts and workers (current and former), as very well as constrained advertiser info,” Reddit explained.
It additional pointed out “comparable phishing attacks have been not long ago noted” without having using any specific names. It did not disclose what resource code was accessed pursuing the security lapse.
The advancement is still a further indication as to how danger actors are more and more getting means to defeat 2FA by setting up lookalike web pages that are capable of pulling off adversary-in-the-middle (AitM) attacks.
Located this short article appealing? Observe us on Twitter and LinkedIn to read through much more distinctive articles we put up.
Some sections of this post are sourced from:
thehackernews.com
#SOOCon23: Open Source Tools can Automate SBOM Requirements