Reddit Admits It Was Hacked in Phishing Assault

Image for article titled Reddit Says It Was Hacked But That You Don't Need to Worry About It. Probably.

Photograph: Diego Thomazini (Shutterstock)

Reddit says that it was hacked earlier this month, in a safety incident that compromised some firm knowledge. Nonetheless, the corporate says that Redditors haven’t any have to concern as a result of person knowledge was not impacted by the episode—not less than, that the corporate is aware of of…“to this point.”

In a thread posted to the official r/reddit neighborhood on Thursday, an organization rep defined {that a} phishing assault had taken place on the night of Feb. 5. “Based mostly on our investigation to this point, Reddit person passwords and accounts are secure, however on Sunday night time (pacific time), Reddit programs have been hacked because of a classy and highly-targeted phishing assault,” the assertion reads. “They gained entry to some inside paperwork, code, and a few inside enterprise programs.”

The hacker, whoever they have been, managed to trick a Reddit worker into clicking on a “plausible-sounding” immediate that forwarded them to a “web site that cloned the habits of our intranet gateway, in an try and steal credentials and second-factor tokens.” After the hacker nabbed the person’s login credentials, they used them to entry “some inside docs, code, in addition to some inside dashboards and enterprise programs,” as the corporate places it.

In its assertion, Reddit stresses that it doesn’t suppose customers have been impacted by the digital intrusion. “Based mostly on a number of days of preliminary investigation by safety, engineering, and knowledge science (and pals!), we now have no proof to recommend that any of your private knowledge has been accessed, or that Reddit’s info has been printed or distributed on-line,” the corporate says. Reddit used the chance to encourage Redditors to beef up their private account safety. “Since we’re speaking about safety and security, this can be a good time to remind you the way to shield your Reddit account…Study the way to allow 2FA in Reddit Assist.”

In the case of minor knowledge breaches, this isn’t Reddit’s first rodeo. The truth is, roughly 5 years in the past the platform posted a thread with an an identical headline, asserting that it had been hacked in a considerably comparable approach. It’s good that Reddit is being clear and candid with customers about this incident, though “we don’t suppose any of your knowledge was stolen” has an unlucky behavior of being what an organization says earlier than a bigger breach is introduced. That mentioned, there’s no indication that that’s the case right here—you understand, to this point.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button