Popular social media platform, Reddit, has confirmed it was the victim of a cyberattack.
Hackers gained access using a phishing attack to steal login details from a single employee and gained access to internal documents, code, and some internal business systems, according to a statement from Reddit on Friday.
The social media platform said that it noted ‘no indications of breach’ on the parts that ran Reddit or stored the majority of its data.
‘As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens,’ said the post.
The online forum said that after several days of investigation, it had ‘no evidence’ to suggest that Reddit user passwords or other information had been compromised or distributed online.
What is a phishing attack?
A phishing attack involves hackers tricking victims into handing over personal information by posing as a credible figure or business in an effort to gain personal information.
Reddit confirmed the attack had seen ‘limited contact information’ of current and former employees and ‘limited advertiser information’ being exposed.
The company said the affected employee in the attack self-reported the incident and the firm’s security team cut off the attacker’s access.
Following the incident, Reddit encouraged users to boost their own personal security.
To keep your Reddit account safe:
- Set up 2FA (two-factor authentication) which adds an extra layer of security when you access your Reddit account
- To take it a step further, update your password every couple of months to make sure it’s strong and unique for greater protection.
- Finally, it’s a good idea to use a password manager. Besides providing complicated passwords, they provide an extra layer of security by warning you before you use your password on a phishing site as the domains won’t match
Source: Read Full Article