Date: 2023-02-12

The popular social news aggregation platform, or rather social media site, Reddit has revealed that it was the victim of a security incident that allowed unidentified threat actors to gain unauthorized access to internal documents, source code and certain unspecified corporate systems.

The company blamed it on a “sophisticated and highly targeted phishing attack” that occurred on February 5, 2023, targeting its employees.

The attack involved sending “plausible sounding prompts” redirecting to a website masquerading as a Reddit intranet portal in an attempt to steal credentials and two-factor authentication (2FA) tokens.

It is believed that the credentials of a single employee were phished in this way, allowing the attacker to gain access to Reddit’s internal systems. The affected employee self-reported the hack, according to his own admission.

The company, however, stressed that there is no evidence to suggest that its production systems have been hacked or that non-public user data has been compromised. There is no indication that the accessed information has been posted or distributed online.

“Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information,” Reddit stated.

It further added that “similar phishing attacks have recently been reported” without naming specific names. It did not disclose which source code was accessed following the security incident.

The development is yet another indication that unknown hackers are increasingly finding ways to defeat 2FA by creating lookalike pages capable of carrying out adversary-in-the-middle (AitM) attacks.

How did the Reddit hack happen?

According to other sources, the unfortunate employee, one Christopher Slowe, said the attacker “sent plausible messages directing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second factor tokens.”

He then said: “After successfully obtaining a single employee’s credentials, the attacker gained access to some internal documents, code, as well as some internal dashboards and corporate systems,” later adding: “We show no indication of a breach of our primary production systems (the parts of our stack that run Reddit and store most of our data).”

In essence, deceptive emails deceived even an expert in the sector; this applies both to ransomware “attacks” and to phishing attempts like this one.

However, it seems that Christopher Slowe was not the only one who fell into the phishing trap.

Indeed, it appears that the contact information of “hundreds” of past and present employees, advertisers and other business contacts could be accessed, but as mentioned earlier, Slowe said Reddit found “no evidence to suggest that any of your non-public data has been accessed or that information from Reddit has been posted or distributed online.”

“As a regular Reddit user, do I risk privacy and personal data issues?”

The question is more than legitimate. While the company argues that there is no evidence that user data was accessed, the attackers did in fact have access to past and present employee profiles, so it is conceivable that there is also a list of user credentials among the accessed data.

In that case the wisest thing to do is to change your password, choosing a different and preferably quite complex one. It would also be advisable to change your e-mail address, just to have a little more security.

That said, you can safely enjoy your “living room” on Reddit without any problems.