Reddit, the well-known social news aggregation platform, has fallen victim to a vicious and calculated phishing attack. On February 5th, 2023, the attackers targeted Reddit’s employees with plausible-sounding prompts that redirected them to a fake website that appeared to be Reddit’s intranet portal.
The sole purpose of this deceitful act was to steal credentials and two-factor authentication tokens from the employees.
Regrettably, the phishing attack was successful in compromising the credentials of one employee, giving the attackers access to Reddit’s internal systems.
The good news, however, is that the affected employee quickly reported the hack, allowing Reddit to respond promptly.
Despite the breach, Reddit assures its users that there is no evidence to suggest that their production systems have been compromised or that any non-public user data has been breached.
Additionally, there is no evidence that the accessed information has been published or distributed online.
The exposure was limited and included contact information for hundreds of company contacts and employees, both current and former, as well as some advertiser information.
Reddit also mentioned that similar phishing attacks have been reported recently, indicating the growing sophistication of threat actors in defeating two-factor authentication systems.
It is imperative that companies take proactive measures to protect their systems and employees from these types of attacks. Don’t let your company become the next victim of a phishing scam. Stay vigilant and stay protected!