Reddit has shared details about a recent hack that occurred on its platform, explaining to users what kind of information was compomised.
According to a post on Reddit the platform was hacked on February 5 using “a sophisticated phishing campaign.” The campaign targeted an employee for their credentials, directing the individual to a clone of the website’s backend, where the attacker was able to successfully obtain the employee’s credentials. Using this, the attacker was able to gain access to internal documents, code and some other information about the platform’s business systems. Apparently, some of this information included contact information for current and past employees, as well as advertiser information. Thankfully, the attacker was not able to gain access to the main part of Reddit which holds user information, like account data and passwords.
Perhaps the reason why Reddit was able to make quick decisions in this situation was that the targeted employee reported the incident, alerting the platform’s security team. This allowed the company to act quickly and remove the attacker’s access to the system. Furthermore, with a heads-up on the situation, the company was able to better understand similar phishing attacks that were being launched on the website. For now, this is just a small part of what’s happening, but the company has vowed to continue its investigation into the situation and better understand it to prevent it from happening again in the future. This will also be an educational moment for its employees, becoming an opportunity to enhance its security going forward.
As far as what Reddit users should be doing, well, nothing really since user data wasn’t compromised. But, Reddit did suggest that it might be a good time to enable two-factor authentication (2FA) on accounts in order to set up a second line of defense, just in case there is ever a breach or problem with the account. The platform also shared another good practice, recommending users to use unique passwords and to update their password every few months. Furthermore, the company suggests using a password manager since it provides extremely complicated password suggestions and keeps them safe.
If you’ve never used such software and are curious about them, you can always check out Karthik Iyer’s password manager exploration, diving into some of the most popular options out there. Furthermore, most browsers have password managers, and he was also able to deep dive into some of them to give you a better idea of what’s out there. If you want more details about Reddit’s security breach, you can head to the source link, where a Reddit AMA was held, answering some questions users had about the incident.