Reddit, the social media and chat site, which has 50 million users, confirmed on February 5 that one of its systems had been compromised.
According to the company, the attackers set up a website impersonating its intranet gateway to lure Reddit employees into a phishing trap. This website was built to steal employees' login credentials and two-factor authentication tokens.
Reddit said in its report:
After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).
Reddit said that there was no evidence that its primary production systems, the ones that run Reddit and hold the majority of its data, had been compromised. Furthermore, according to the investigation so far, there is no evidence that user accounts or passwords were accessed.
Phishing Attack Targeted a Reddit Employee
The attackers gained access through a targeted phishing attack: they sent phishing emails to a number of employees that directed them to a bogus website cloning the company's intranet login page. One employee fell victim to this clone site and submitted their login information, giving the attackers access.
According to the Reddit post:
As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behaviour of our intranet gateway, in an attempt to steal credentials and second-factor tokens.
The one employee who was fooled quickly recognised what had happened and self-reported the incident to the Reddit security teams, who then acted quickly. In response, the company revoked the attacker's access to its systems.
Reddit CTO Christopher Slowe is sure that user passwords and accounts are secure. He confirmed that the data compromised only included advertising data, personal contacts, and business contacts of the company.
Slowe closed the post by offering to hold an "ask me anything" (AMA) session. The well-received session, together with Reddit's public statements, gave a clear picture of the situation and made some of Reddit's 50 million subscribers feel more at ease.
Recommendations
Reddit advised users, if they haven’t already, to take the important and easy step of setting up two-factor authentication (2FA) on their accounts. Reddit also advises using a password manager and changing passwords every few months.
Companies must use employee education and training as a primary tool to protect against advanced phishing attacks. A company’s employees may act as an effective first and final line of defence against phishing attacks with the right training and awareness.
Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology (none of which can spot 100% of phishing emails), you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.