• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
reddit suffers security breach exposing internal documents and source code

Reddit Suffers Security Breach Exposing Internal Documents and Source Code

You are here: Home / General Cyber Security News / Reddit Suffers Security Breach Exposing Internal Documents and Source Code
February 10, 2023

Well-known social news aggregation platform Reddit has disclosed that it was the target of a security incident that enabled unidentified menace actors to gain unauthorized obtain to interior paperwork, code, and some unspecified organization methods.

The company blamed it on a “complex and very-specific phishing attack” that took area on February 5, 2023, targeting its staff members.

The attack entailed sending out “plausible-sounding prompts” that redirected to a web site masquerading as Reddit’s intranet portal in an try to steal credentials and two-factor authentication (2FA) tokens.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


A solitary employee’s credentials is reported to have been phished in this fashion, enabling the risk actor to accessibility Reddit’s interior devices. The influenced personnel self-reported the hack, it additional extra.

The organization, nonetheless, stressed that there is no evidence to counsel that its creation devices ended up breached or that users’ non-public info has been compromised. There is no sign that the accessed information has been released or distributed online.

“Exposure provided restricted call data for (at this time hundreds of) business contacts and workers (current and former), as very well as constrained advertiser info,” Reddit explained.

It additional pointed out “comparable phishing attacks have been not long ago noted” without having using any specific names. It did not disclose what resource code was accessed pursuing the security lapse.

The advancement is still a further indication as to how danger actors are more and more getting means to defeat 2FA by setting up lookalike web pages that are capable of pulling off adversary-in-the-middle (AitM) attacks.

Located this short article appealing? Observe us on Twitter  and LinkedIn to read through much more distinctive articles we put up.


Some sections of this post are sourced from:
thehackernews.com

Previous Post: «Cyber Security News #SOOCon23: Open Source Tools can Automate SBOM Requirements
Next Post: U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks u.k. and u.s. sanction 7 russians for trickbot, ryuk, and»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • CISA Unveils Ransomware Notification Initiative
  • WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites
  • GitHub Updates Security Protocol For Operations Over SSH
  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet

Copyright © TheCyberSecurity.News, All Rights Reserved.