The company says only internal data was stolen, and none of the platform’s 52 million daily users were affected.
On February 5, Reddit employees were victims of a ” sophisticated and highly targeted phishing attack tampering with a page on its intranet site in an attempt to steal their credentials and two-factor authentication tokens.
Stolen employee details
Only one of these employees finally took the bait, leaving free access to internal documents, although the victim reported the incident as soon as possible. Among the stolen data, Reddit explains that there are contact details of current and former employees, the source code of the platform, but also details of the company’s advertisers.
In a subreddit, the company states: We see no evidence of breaches in our core systems (the parts of our stack that run Reddit and store the majority of our data) “. Thus, no information on the means of payment of the users or on their passwords has, it seems, been made accessible.
A bell ringing already heard
This is not the first time the platform has suffered a data breach. Indeed, five years earlier, it had been the victim of a similar attack, without users suffering the consequences. In his post, Reddit refers to a similar attack perpetrated a few days ago against Riot Games. The criminals then stole the source codes of League of Legends and Teamfight Tactics before demanding a ransom from the publisher.
If this is not the case in the current situation (at least for the moment), it is however reassuring to see the social network being transparent about this kind of event. In his post, Reddit takes the opportunity to recommend that users activate two-factor authentication. ” Since we are talking about security and safety, now is a good time to remind you how to protect your account… This is surely the slight echo of a small reminder made internally.
Source : BleepingComputer
7