Reddit confirmed that its system was hacked last weekend as a result of a sophisticated and highly targeted phishing attack: attackers gained access to documents, code and some internal business systems.
Late on February 5, Reddit became aware of a phishing campaign targeting its employees. The attacker sent a “reasonable-sounding prompt,” pointing the employee to a website that copied the behavior of its intranet gateway, in order to steal logins and second-factor tokens. After obtaining an employee’s login credentials, the attacker gained access to a number of documents and code, as well as several internal control panels and business systems.
Also: What is Phishing? Everything you need to know to protect against phishing emails – and worse
We know all this information because Reddit’s CTO posted about the incident on Reddit. Currently, there’s no indication that a Reddit user’s username and password has been accessed — but Reddit has suggested that users do. multi-factor authentication (MFA) to their account for added protection.
There are two main takeaways from the Reddit security incident. The first is that phishing attacks continue to be a important tool in the arsenal of cybercriminals — we all use emailand a carefully prepared phishing attack can fool even the most security-conscious user.
The second is that Reddit has — I think — made the right choice by being transparent about falling victim to cyber-attackers, publicly disclosing the incident just days after it was first discovered. first.
Despite the pervasive nature of cyber attacks and data breaches, Many victims decide that the best course of action is to keep quiet about what happened — sometimes, they won’t even mention that something went wrong.
Reasons to remain silent include fear of reputational damage, fear of financial loss, or even fear of alerting other cybercriminals that they may be good targets for attacks.
But Reddit’s openness to what happened — and how problems are detected and managed — provides a prime example of how incident disclosure can and should be done, and how it should be. can benefit both a company’s users and customers, as well as the business itself.
According to Reddit, immediately after being scammed, this employee suspected something was wrong and reported the incident himself, and informed the information security team. They responded quickly, removed the intruder’s access, and initiated an internal investigation.
Also: The biggest cybercrime threat is also the one that no one wants to talk about
The important thing here is that an employee brought up their doubts. Keeping silent helps no one but the attacker, who has more time in the network.
But in this case, the employee reported the incident, which Reddit’s CTO commented that he was “extremely grateful” for. in the thread below the original post. As a result, the attacker only has access to the network in a few hours because the security team was able to react quickly.
The speed of discovery — combined with the transparency of the incident — impressed Reddit users, many of whom praised Reddit’s response, including responding to queries about what happened.
Reddit also used the post to encourage users to apply the MFA for Reddit accountand to use a password manager to help stay safe.
At a time when many businesses that fall victim to cyberattacks won’t say anything, Reddit’s openness after the phishing attack provides a good lesson in being transparent about security incidents. cybersecurity — and that’s something other companies can learn from.
As online feedback shows, users and customers will be grateful they were promptly notified of the incident, allowing them to take the necessary steps to secure their accounts.
Unfortunately, the nature of cybercrime means that scams and hacks are a daily occurrence — but one company shows they can handle problems well. is positive for everyone.
MORE ABOUT NETWORK SECURITY
