Reddit Admits It Was Hacked

July 3, 2023

On February 5, Reddit revealed it had been breached and data stolen in what it described as a “sophisticated phishing attack.”

In a security post, the social media platform detailed what had transpired. It noted that hackers gained access to internal documents and code, as well as some internal dashboards and business systems.

What We Know

Reddit recently informed its users of a sophisticated and highly-targeted phishing attack which had compromised documents, source code and other internal data. The company discovered the breach after one of its employees self-reported it to their security team.

The attackers took advantage of a weak SMS-based two-factor authentication system used by Reddit to protect accounts. Through this approach, hackers were able to intercept a password-protected employee’s SMS and steal their credentials.

Though this isn’t a major breach, it does serve to emphasize the significance of using strong passwords. Reddit is encouraging users to create unique passwords, change their passwords every few months, and utilize a password manager for extra protection.

It also suggests using two-factor authentication, which requires both a password and a code that changes each time you log in, to help prevent stolen passwords from being useful.

However, Reddit still utilizes an outdated version of 2FA that relies on SMS messages to verify your password. This approach has become outdated due to how easily hackers can intercept those texts, according to Slowe.

On February 5, hackers detected a phishing attempt and gained access to internal documents, source code, and other sensitive data. Furthermore, they collected some contact info for hundreds of Reddit employees and advertisers; however, credit card details or ad performance data were not compromised, the company noted.

Reddit was reminded of a much bigger security breach five years prior, when malicious actors gained access to a database backup from 2007 that contained account passwords. As a result, the company said it has learned a great deal from that experience and is working diligently to further enhance its protection measures.

After this recent hack, the company suggests users set up 2FA on their accounts to protect themselves from future phishing attempts. It’s also wise to use a password manager in order to create complex and random passwords which are difficult to crack.

No matter what happened, Reddit is being open and honest about its situation – making it a better company than many. We will be closely monitoring this development to determine how best to prevent similar breaches in the future.

The Attack

Reddit, the social media site, admits it was hacked and its data stolen. As a result, they have issued an urgent call for users to strengthen their security measures and change their passwords following last week’s incident.

Reddit recently disclosed a breach of its systems in which an attacker stole email addresses and account credentials from users between June 14-18, according to its post. While the attacker had access to some backup data and source code stored on some systems, they did not gain access to production databases or users’ personal information.

According to the post, an attacker employed a sophisticated phishing attack against Reddit’s internal network. They sent “plausible-sounding prompts” to employees that directed them to a website mimicking Reddit’s intranet gateway. Hackers then attempted to steal login credentials and two-factor authentication tokens, leading to the breach.

Reddit was able to detect the attack quickly, removing the attacker’s access and avoiding further harm. To thwart similar attacks in the future, it has implemented measures such as requiring all employees to use token-based two-factor authentication (2FA) for access to internal resources.

As with all breaches, the most effective way to safeguard your data is by updating passwords and using strong, unique security credentials. Additionally, it’s wise to store your password in a secure location and change it if you believe that it has been compromised.

If your account has been compromised, it’s critical to review your online banking statements and notify your bank. If the information is sensitive, ask your bank to block access to your account immediately.

The Reddit incident could have been much more disastrous had the attacker gained access to all of the site’s systems, including its backend and business systems. With that data, they could have stolen contact information, current and former employee information, as well as advertiser details.

The Reddit breach isn’t the first time a social media platform has been breached and data stolen, but it is one of the most severe to date. Months earlier, security firm Cerby warned of disinformation campaigns targeting social media networks. Organizations must build an environment that treats data security as paramount to success and encourages employees to maintain security measures within their organizations.

Reddit’s Response

Reddit’s openness about the phishing attack is an indication that the company is well managed, and it should help users become more aware of the need to be vigilant about cyber security. Furthermore, getting breach notifications out quickly allows affected users to take immediate action and make their accounts safer.

The company has issued an apology and pledged to “bolster” employees’ security skillsets. This includes strengthening multifactor authentication. Furthermore, it urges people to protect their accounts with a strong, unique password and to use a password manager for added protection.

Reddit did not provide specifics about how the attack occurred, but did note that a staff member who was affected self-reported it and allowed security staff to remove their access. It stressed that this did not compromise primary production systems of the website and that data accessed was limited to contact info for current/former employees as well as advertiser info.

CTO Christopher Slowe’s blog post about the incident details how a hacker gained access to Reddit servers and data through an elaborate phishing attack on its internal network. This involved sending employees seemingly legitimate prompts that directed them to a fake website that looked identical to its intranet gateway.

Once an employee signed in, attackers had access to various Reddit resources such as internal documents, code, dashboards and business systems containing most of Reddit’s stored information. It appears that this attack only affected Reddit’s primary production systems; however it should be noted that hackers often target vulnerabilities within production systems rather than individual websites or services.

Reddit strongly recommended that users enable two-factor authentication on their accounts for extra protection. This is a best practice in the digital space, as it prevents attackers from stealing passwords, private messages and account credentials.

The company’s security, engineering and data science teams conducted investigations to determine whether any of Reddit’s non-public user data had been accessed during the incident. They found no proof that such information had been published or distributed online.

What You Can Do

On Sunday evening, Reddit, the popular news aggregator and social media site, was hacked by cybercriminals who gained access to its internal business systems and stole confidential information and source code. According to a security incident notice posted on the site, the hackers posed as an internal company email in order to lure employees into clicking through to a fake intranet gateway website. With the credentials and second-factor authentication tokens they collected, they were able to gain control over internal documents, code, dashboards and some business applications.

However, the attacker did not penetrate Reddit’s primary production systems, which contain most of its data. Instead, they accessed a copy of an older database containing user information from 2005 to 2007.

Though they did not obtain passwords or credit card details, the attacker did manage to obtain employee contact information and advertiser data. Fortunately, this wasn’t enough for them to cause significant harm or allow lateral movement within the company’s network.

Reddit’s security team quickly blocked the threat actor’s access and launched an investigation into what had transpired. Furthermore, a Reddit employee who fell for the phishing attempt alerted them to the compromise, helping to contain any further harm.

Reddit also took this opportunity to inform users about its security practices, such as requiring employees to use two-factor authentication. Furthermore, the firm asked all users to change their passwords – even if they had previously changed them on other websites.

Reddit maintains that the user data in question was secure; however, this incident serves as a cautionary tale to anyone using the same password across multiple platforms. Hackers could potentially leverage this information to breach other sites and steal more of its users’ details.

No matter the nature of the data exposed in this incident, it’s imperative to remain alert and vigilant about security – particularly since it may not become evident how damaging a breach can be until weeks or months later. The first step is securing your data; learning how to protect yourself against similar breaches in the future should also be a top priority.

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

