Reddit hacked in phishing attack, platform confirms no user data was leaked

In its official statement, Reddit detailed the phishing attack and offered suggestions to users to safeguard their accounts.

Reddit said that it has no evidence to suggest that any of its non-public data has been accessed or shared in the public domain by the attacker. (Image: Pixabay)

Listen to this article

00:00

1x 1.5x 1.8x

Popular social news aggregation site, Reddit, has confirmed that it was hacked recently. The social news portal said that on February 9 there was an incident of a security breach of its systems. The purported breach took place sometime on February 5.

The security breach has been termed by the company as a ‘sophisticated phishing campaign that targeted Reddit employees’.

“Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems,” said Reddit in its post.

Also Read | Twitter hacked, 200 million user email addresses leaked, researcher says

In its official statement, Reddit detailed the phishing attack and offered suggestions to users to safeguard their accounts. The discussion site stated that the attacker had sent ‘plausible-sounding’ prompts that led employees to a website that cloned Reddit’s intranet gateway to steal credentials and second-factor tokens.

According to the portal, after accessing an employee’s credentials, the attacker further gained access to internal docs, dashboards, business systems, and code. The attack led to the exposure of limited contact information for hundreds of company contacts and employees, and advertiser information to some extent.

Reddit said that it has no evidence to suggest that any of its non-public data has been accessed or shared in the public domain by the attacker. The site concluded this after days of investigation by engineering, security, and data science personnel, and users.

Also Read | Apple and Android phones hacked by Italian spyware: Google

Soon after the attack, the affected employee reported the matter and the security team at Reddit responded quickly. They removed the attacker’s access and initiated an internal investigation. Reddit said that similar attacks were reported in recent times and that it will continue to monitor and investigate such incidents. “We’re continuing to investigate and monitor the situation closely and working with our employees to fortify our security skills. As we all know, the human is often the weakest part of the security chain,” read the post by Reddit.

Story continues below this ad

The content aggregator site also reminded its millions of users to take adequate precautions to keep their accounts safe. According to Reddit, ensuring a two-factor authentication will add an extra layer of security to its users. The site also recommended frequently updating passwords and using a password manager as precautionary measures for user safety.