- Reddit was the victim of a phishing attack
- Internal documents were stolen
- Users are advised to take security measures
Reddit formalized the bad news in a press release published on Thursday. The social network suffered a “sophisticated” phishing attack that compromised some internal company data. This hack was discovered on February 5th.
However, the platform aims to be reassuring and precise: “Based on several days of initial investigation by Security, Engineering and Data Science, we have no evidence to suggest that any of your non-public data was accessed, or that the information of Reddit have been published or distributed online”.
Information about Reddit employees
Concretely, the hackers managed to trap an employee via a phishing attack. Remember that phishing is a technique used by malicious actors who try to make people believe that they are communicating with a trusted third party to extract their personal data.
The subterfuge was here sufficiently credible according to Reddit, and the employee headed for a “website that cloned the behavior of our intranet gateway, with the intent of stealing credentials. »
The hacker was then able to break into the system and steal some internal information, code, and business data. They : “included limited contact information for contacts and employees (current and former) of the company (currently hundreds), as well as limited information about advertisers. »
If user data does not appear to be compromised, Reddit however suggests that you enable the two-factor authentication (2FA) system which makes it more difficult for cybercriminals.
Change your password
And the social network to add: “Use a password manager!” Besides providing great complex passwords, they provide an extra layer of security by warning you before you use your password on a phishing site… because the domains won’t match! » We have also concocted a very comprehensive guide that lists the different offers on the market.
If you don’t want to use a manager, you can still change your password. You can also visit the site haveibeenpwned.com to verify that your email address has not been compromised. This platform lists the biggest data leaks known to date.
