Reddit confirmed yesterday that a hacker had managed to gain access to its internal systems, grabbing internal documents and source code in the process.
The “security incident” occurred on the night of Feb. 5 when a hacker cloned the behavior of Reddit’s intranet gateway and then attempted to guide the company’s employees to it using “plausible-sounding prompts.” Those prompts worked: credentials were stolen and then used to access Reddit’s internal systems.
The good news is, Reddit found no breach of its primary production systems and therefore no non-public user data was accessed. The personal information stolen seems to be limited to hundreds of company contacts and advertiser details.
Reddit’s security team is still in the process of fully understanding how the attack managed to break through its defenses, but points out “the human is often the weakest part of the security chain.” There’s also a promise that all information about what they find will be shared publicly.
Even though no sensitive user data was stolen, Reddit is urging all users to turn on two-factor authentication for their accounts. It’s easy to do and adds an extra layer of security. So does regularly changing your password, choosing strong passwords, and using a reputable password manager to make the whole process easy.