{"id":607216,"date":"2023-02-12T07:50:03","date_gmt":"2023-02-12T13:50:03","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/12\/social-media-platform-reddit-breached-in-phishing-attack\/"},"modified":"2023-02-12T07:50:03","modified_gmt":"2023-02-12T13:50:03","slug":"social-media-platform-reddit-breached-in-phishing-attack","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/12\/social-media-platform-reddit-breached-in-phishing-attack\/","title":{"rendered":"Social media platform Reddit breached in phishing attack"},"content":{"rendered":"<div>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.computerweekly.com\/visuals\/ComputerWeekly\/HeroImages\/security-cyber-crime-password-phishing-Philip-Steury-adobe_searchsitetablet_520X173.jpg\" data-credit=\"Philip Steury - stock.adobe.com\"  width=\"520\" height=\"173\" alt><\/p>\n<p>Philip Steury &#8211; stock.adobe.com<\/p>\n<\/p><\/div>\n<div id=\"content-header\">\n<h2>An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"Alex Scroxton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>10 Feb 2023 12:30<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>Social media platform <a href=\"https:\/\/www.reddit.com\/\">Reddit<\/a> has moved to reassure its users that their data is secure, after a cyber attack on its systems that saw an unspecified threat actor gain unauthorised access to a limited number of internal documents, code and some internal business systems.<\/p>\n<p>The <a href=\"https:\/\/www.computerweekly.com\/resources\/Data-breach-incident-management-and-recovery\">data breach<\/a> first came to light on Sunday 5 February, when Reddit\u2019s security team became aware of the \u201csophisticated\u201d and targeted phishing attack, where Reddit employees were targeted with seemingly plausible email prompts that directed them to a cloned version of its intranet gateway.<\/p>\n<p>Unfortunately, one Reddit employee was successfully convinced to enter their credentials and used a <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/multifactor-authentication-MFA\">multi-factor authentication<\/a> (MFA) token on the cloned gateway, giving the threat actor access to Reddit\u2019s internal systems.<\/p>\n<p>There is, however, no evidence at this stage of any breach of the organisation\u2019s primary production systems, meaning the parts of its IT stack that run the web-facing Reddit website and store the majority of its user data.<\/p>\n<p>\u201cExposure included limited contact information for \u2013 currently hundreds of \u2013 company contacts and employees \u2013 current and former, as well as limited advertiser information,\u201d Reddit chief technology officer Chris Slowe (aka KeyserSosa) <a href=\"https:\/\/www.reddit.com\/r\/reddit\/comments\/10y427y\/we_had_a_security_incident_heres_what_we_know\/\">said in a post to the r\/reddit subreddit<\/a>, detailing the incident.<\/p>\n<p>\u201cBased on several days of initial investigation by security, engineering and data science, and friends, we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit\u2019s information has been published or distributed online.<\/p>\n<p>\u201cSoon after being phished, the affected employee self-reported, and the security team responded quickly, removing the infiltrator\u2019s access and commencing an internal investigation. Similar phishing attacks have been recently reported.\u201d<\/p>\n<p>Slowe added: \u201cWe\u2019re continuing to investigate and monitor the situation closely and working with our employees to fortify our security skills. As we all know, the human is often the weakest part of the security chain. Our goal is to fully understand and prevent future incidents of this nature.\u201d<\/p>\n<p>Regardless of the impact on them, he advised Reddit users to set up MFA on their Reddit accounts to add additional layers of security when accessing the service, and use strong and unique passwords that are changed frequently.<\/p>\n<section data-menu-title=\"Lessons learned\">\n<h3><i data-icon=\"1\"><\/i>Lessons learned<\/h3>\n<p>He added that the impact of the breach may have been lessened thanks to lessons learned from <a href=\"https:\/\/www.computerweekly.com\/news\/252446157\/Reddit-breach-exposes-2FA-flaws\">a previous incident in 2018<\/a>, which exposed user email addresses, and salted and hashed passwords from a database dating back to 2007.<\/p>\n<p>The 2018 attack exploited vulnerabilities in SMS-based MFA <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/answer\/How-were-attackers-able-to-bypass-2FA-in-a-Reddit-breach\">to bypass security controls<\/a> that should have stopped the incident from occurring. Reddit later moved away from SMS-based MFA.<\/p>\n<p>Javvad Malik, lead security awareness advocate at <a href=\"https:\/\/www.knowbe4.com\/\">KnowBe4<\/a>, described Reddit\u2019s response to the latest incident as \u201cexemplary\u201d.<\/p>\n<p>\u201cWhile a breach or incident is never a pleasant occurrence, getting ahead of the fact with transparency and practical advice is always good,\u201d said Malik.<\/p>\n<p>\u201cWe see in this incident that despite apparently having MFA, a user was still phished, serving as a timely reminder that no single layer of protection will be completely fool-proof.\u00a0<\/p>\n<p>\u201cPerhaps the biggest takeaway for organisations from this incident is that the user that was phished realised their error and reported the issue which allowed Reddit\u2019s security team to quickly investigate the issue,\u201d he added. \u201cThis is why user training is so important, so that people can not only identify a phishing email, but know how to report it.\u00a0<\/p>\n<p>\u201cIt\u2019s worth remembering though that having a method to report phishing is one thing, but it\u2019s important to have a culture of security which allows employees to confidently report issues without the fear of any negative repercussions.\u201d<\/p>\n<\/section>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on Identity and access management products<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.computerweekly.com\/news\/252526838\/Dropbox-code-compromised-in-phishing-attack\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/cloud-datacenter-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/cloud-datacenter-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/cloud-datacenter-adobe.jpg 1280w\" alt ><\/p>\n<h5>Dropbox code compromised in phishing attack<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.computerweekly.com\/news\/252525290\/Threat-actors-abused-lack-of-MFA-OAuth-in-spam-campaign\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/email-microsoft-exchange-2-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/email-microsoft-exchange-2-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/email-microsoft-exchange-2-adobe.jpg 1280w\" alt ><\/p>\n<h5>Threat actors abused lack of MFA, OAuth in spam campaign<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252524236\/Mitiga-Attackers-evade-Microsoft-MFA-to-lurk-inside-M365\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g846011096_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g846011096_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g846011096.jpg 1280w\" alt ><\/p>\n<h5>Mitiga: Attackers evade Microsoft MFA to lurk inside M365<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/waldman_arielle.jpg\" alt=\"ArielleWaldman\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Arielle\u00a0Waldman<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.computerweekly.com\/news\/252524209\/Criminal-0ktapus-spoofed-IAM-firm-in-massive-phishing-attack\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/phishing-attack-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/phishing-attack-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/phishing-attack-adobe.jpg 1280w\" alt ><\/p>\n<h5>Criminal 0ktapus spoofed IAM firm in massive phishing attack<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365531132\/Social-media-platform-Reddit-breached-in-phishing-attack\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Tama Schroeder<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Philip Steury &#8211; stock.adobe.com An unspecified threat actor obtained access to internal documents, code and business systems at Reddit after stealing employee credentials in a phishing attack By Alex Scroxton, Security Editor Published: 10 Feb 2023 12:30 Social media platform Reddit has moved to reassure its users that their data is secure, after a cyber<\/p>\n","protected":false},"author":1,"featured_media":607217,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1125,700,46],"tags":[],"class_list":{"0":"post-607216","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-media","8":"category-social","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/607216","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=607216"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/607216\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/607217"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=607216"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=607216"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=607216"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}