Skip to main content

This week’s Reddit breach shows company’s security is (still) woefully inadequate

posted onFebruary 11, 2023
by l33tdawg
Arstechnica
Credit: Arstechnica

Popular discussion website Reddit proved this week that its security still isn’t up to snuff when it disclosed yet another security breach that was the result of an attack that successfully phished an employee’s login credentials.

In a post published Thursday, Reddit Chief Technical Officer Chris "KeyserSosa" Slowe said that after the breach of the employee account, the attacker accessed source code, internal documents, internal dashboards, business systems, and contact details for hundreds of Reddit employees. An investigation into the breach over the past few days, Slowe said, hasn’t turned up any evidence that the company’s primary production systems or that user password data was accessed.

“On late (PST) February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees,” Slowe wrote. “As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.”

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th