Reddit says that it was hacked earlier this month, in a safety incident that compromised some firm information. Nevertheless, the corporate says that Redditors don’t have any have to concern as a result of consumer information was not impacted by the episode—no less than, that the corporate is aware of of…“to this point.”
In a thread posted to the official r/reddit group on Thursday, an organization rep defined {that a} phishing assault had taken place on the night of Feb. 5. “Primarily based on our investigation to this point, Reddit consumer passwords and accounts are secure, however on Sunday night time (pacific time), Reddit techniques have been hacked because of a complicated and highly-targeted phishing assault,” the assertion reads. “They gained entry to some inside paperwork, code, and a few inside enterprise techniques.”
The hacker, whoever they have been, managed to trick a Reddit worker into clicking on a “plausible-sounding” immediate that forwarded them to a “web site that cloned the conduct of our intranet gateway, in an try and steal credentials and second-factor tokens.” After the hacker nabbed the consumer’s login credentials, they used them to entry “some inside docs, code, in addition to some inside dashboards and enterprise techniques,” as the corporate places it.
In its assertion, Reddit stresses that it doesn’t suppose customers have been impacted by the digital intrusion. “Primarily based on a number of days of preliminary investigation by safety, engineering, and information science (and associates!), we’ve got no proof to counsel that any of your personal information has been accessed, or that Reddit’s info has been revealed or distributed on-line,” the corporate says. Reddit used the chance to encourage Redditors to beef up their private account safety. “Since we’re speaking about safety and security, this can be a good time to remind you easy methods to defend your Reddit account…Study easy methods to allow 2FA in Reddit Assist.”
Relating to minor information breaches, this isn’t Reddit’s first rodeo. In actual fact, roughly 5 years in the past the platform posted a thread with an similar headline, saying that it had been hacked in a considerably related method. It’s good that Reddit is being clear and candid with customers about this incident, though “we don’t suppose any of your information was stolen” has an unlucky behavior of being what an organization says earlier than a bigger breach is introduced. That mentioned, there’s no indication that that’s the case right here—you understand, to this point.
