Popular social information aggregation platform Reddit has disclosed that it was the sufferer of a safety incident that enabled unidentified menace actors to achieve unauthorized entry to inner paperwork, code, and a few unspecified enterprise methods.
The firm blamed it on a “refined and highly-targeted phishing assault” that befell on February 5, 2023, focusing on its workers.
The assault entailed sending out “plausible-sounding prompts” that redirected to a web site masquerading as Reddit’s intranet portal in an try and steal credentials and two-factor authentication (2FA) tokens.
A single worker’s credentials is alleged to have been phished on this method, enabling the menace actor to entry Reddit’s inner methods. The affected worker self-reported the hack, it additional added.
The firm, nonetheless, harassed that there is no such thing as a proof to counsel that its manufacturing methods have been breached or that customers’ private information has been compromised. There isn’t any indication that the accessed info has been printed or distributed on-line.
“Exposure included restricted contact info for (presently lots of of) firm contacts and workers (present and former), in addition to restricted advertiser info,” Reddit mentioned.
It additional famous “related phishing assaults have been lately reported” with out taking any particular names. It didn’t disclose what supply code was accessed following the safety lapse.
The improvement is yet one more indication as to how menace actors are more and more discovering methods to defeat 2FA by establishing lookalike pages which are able to pulling off adversary-in-the-middle (AitM) assaults.