>
Reddit has confirmed that it recently suffered what appears to have been a fairly large cyberattack, with attackers making off with sensitive company data.
In a security message (opens in new tab)Reddit described the incident as a “sophisticated and highly targeted phishing attack”.
The company noted that the attackers specifically targeted Reddit by building a fake intranet site that was really nothing more than a phishing landing page designed to steal Reddit’s login credentials and multi-factor authentication (MFA) tokens. steal employees. It seems that there is no malware (opens in new tab) had been used.
Access internal documents
After attacking an unknown number of employees, one fell for the trick, giving the attackers access to internal Reddit systems. There, they gained access to sensitive data and source code from Reddit.
“After successfully obtaining the credentials of a single employee, the attacker gained access to some internal documents, code, as well as some internal dashboards and company systems,” Reddit explained in the announcement.
“We have no indications of a breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
The announcement also suggested that users shouldn’t worry too much about their accounts: “Based on our research to date, Reddit user passwords and accounts are safe,” it said.
Reddit said it was alerted to the cyberattack by the victim themselves, who reported it to the company’s security team, it added. Further investigation has revealed, BleepingComputer reports, that among the stolen data are contact information for company contacts, as well as contact information for current and former employees.
In addition, the crooks also took data on corporate advertisers.
Reddit remains operational and the cyberattack has not impacted performance in any way, the company concluded. It also said it had found no evidence that the attackers could breach the production systems used to run the website.
Through: Beeping computer (opens in new tab)