Phishing: Reddit’s Ask Me Anything, transparently


Reddit has confirmed that its systems were hacked on February 5 following a sophisticated and highly targeted phishing attack.

The attacker sent fraudulent emails to company employees, directing them to a website that cloned the behavior of the intranet gateway in an attempt to steal credentials. After obtaining the credentials of a single employee, the attacker was able to access certain documents and code, as well as some dashboards and internal business systems.

We know all this because Reddit's CTO posted about the incident, fittingly, on Reddit itself. At this time, there is no indication that the usernames and passwords of Reddit users have been accessed, but Reddit has nevertheless urged users to enable multi-factor authentication (MFA) on their accounts.

The two key lessons from Reddit's post-incident review

There are two key takeaways from the Reddit security incident.

  • The first is that phishing attacks remain an essential tool in the arsenal of cybercriminals. We all use email, and a carefully crafted phishing attack can fool even the most security-conscious user.
  • The second is that Reddit has – I think – chosen the right option by being transparent about falling victim to cyber attackers, publicly disclosing the incident just days after it was detected.

Despite the prevalence of cyberattacks and data breaches, many victims decide the best course of action is to remain silent about what happened – sometimes they don’t even acknowledge that there was an incident. Reasons for this silence include fear of reputational damage, fear of financial loss, or even fear of signalling to other cybercriminals that they might be a worthwhile target.

But Reddit’s openness to what happened – and how the incident was discovered and handled – is a good example of how disclosure of an incident can and should be made, and how it can benefit a company’s users and customers, as well as the company itself.

An employee who raised the alarm at the very start of the attack

According to Reddit, shortly after being phished, the employee suspected something was wrong and reported the incident, alerting the IT security team. The team reacted quickly, revoking the intruder’s access and opening an internal investigation. What also matters here is that the employee came forward with their suspicions. Staying silent helps no one except the attacker, who gains more time on the network.

But in this case, the employee reported the incident, which Reddit’s CTO said he was “tremendously grateful” for in the thread below the initial post. As a result, the attacker only had access to the network for a few hours, as the security team was able to react quickly.

The speed of detection – combined with the transparency of the incident – was well received by Reddit users, many of whom praised Reddit’s response, which included answering questions about what happened.

A good lesson in transparency in the event of a cybersecurity incident

Reddit also took advantage of this post to encourage users to apply MFA to their Reddit accounts and use a password manager to keep them secure.

At a time when many companies that fall victim to cyberattacks stay silent, Reddit’s openness after the phishing attack is a good lesson in transparency in the event of a cybersecurity incident, one that other companies can learn from. As the online reactions show, users and customers are grateful to be informed of an incident quickly, since it allows them to take the necessary steps to secure their accounts.

It’s unfortunate that the nature of cybercrime means phishing and other attacks are a daily occurrence, but a company that shows it can handle an incident effectively is a positive outcome for everyone.


Source: “ZDNet.com”