Skip to main content

Reddit breached, here's what you need to know

posted onFebruary 11, 2023
by l33tdawg
Malware Bytes
Credit: Malware Bytes

According to Reddit, it "became aware of a sophisticated phishing campaign" late on February 5, 2023, that attempted to steal credentials and two-factor authentication tokens. 

One of its employees fell for the phish, and then self-reported, alerting Reddit to what had happened. It says its "security team responded quickly, removing the infiltrator’s access and commencing an internal investigation." The employee's credentials were reportedly used to gain access to "some internal docs, code, as well as some internal dashboards and business systems", which exposed "limited contact information" for company contacts and employees, and information about advertizers.

According to Reddit, your passwords are safe. As a result, there is no need to alter your login details. It also says there are no signs the breach affected "the parts of our stack that run Reddit and store the majority of our data" or "any of your non-public data." Reddit deserves praise for reporting what happened so clearly: Clear messaging, no evasion, and a clear indication of what users should take into consideration. Ironically, the one piece of advice that Reddit offers it users is to set up two-factor authentication (2FA) to protect their accounts.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th