Popular social news website and forum Reddit has been breached and the attacker “Gained access to some internal docs, code, as well as some internal dashboards and business systems,” but apparently not to primary production systems and user data.
“Exposure included limited contact information for company contacts and employees, as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science, we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online,” said Reddit CTO Christopher Slowe, who goes online by the handle “KeyserSosa”.
“On late February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees. As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens,” Slowe shared.
All employees have two-factor authentication enabled, both for use on Reddit as well for all internal access, he added, but the attacker managed to nab the employee’s login credentials and other access token.
Five years ago, Reddit was breached in a similar way.
At the time, a few of their employees’ accounts with their cloud and source code hosting providers were compromised, after the attackers compromised employees’ passwords and intercepted the second authentication factor delivered via SMS. So maybe this latest attack will push Reddit to implement hardware FIDO tokens, which is currently the most secure option for the second authentication factor.
