Well-known social news aggregation platform Reddit has disclosed that it was the target of a security incident that enabled unidentified menace actors to gain unauthorized obtain to interior paperwork, code, and some unspecified organization methods.
The company blamed it on a “complex and very-specific phishing attack” that took area on February 5, 2023, targeting its staff members.
The attack entailed sending out “plausible-sounding prompts” that redirected to a web site masquerading as Reddit’s intranet portal in an try to steal credentials and two-factor authentication (2FA) tokens.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
A solitary employee’s credentials is reported to have been phished in this fashion, enabling the risk actor to accessibility Reddit’s interior devices. The influenced personnel self-reported the hack, it additional extra.
The organization, nonetheless, stressed that there is no evidence to counsel that its creation devices ended up breached or that users’ non-public info has been compromised. There is no sign that the accessed information has been released or distributed online.
“Exposure provided restricted call data for (at this time hundreds of) business contacts and workers (current and former), as very well as constrained advertiser info,” Reddit explained.
It additional pointed out “comparable phishing attacks have been not long ago noted” without having using any specific names. It did not disclose what resource code was accessed pursuing the security lapse.
The advancement is still a further indication as to how danger actors are more and more getting means to defeat 2FA by setting up lookalike web pages that are capable of pulling off adversary-in-the-middle (AitM) attacks.
Located this short article appealing? Observe us on Twitter and LinkedIn to read through much more distinctive articles we put up.
Some sections of this post are sourced from:
thehackernews.com
#SOOCon23: Open Source Tools can Automate SBOM Requirements