Cybercriminals are getting smarter, and they’re finding new ways to penetrate the high-security walls of companies that store huge amounts of user data. In a fresh set of attacks, Reddit, the popular social media platform, was targeted earlier this month. The mode of the attack? Phishing.
On February 5, Reddit employees were targeted by a large-scale phishing attack. Criminals used directions that were convincing enough for employees to follow, leading them to a website that pretended to be Reddit’s intranet gateway. Even though most employees detected the phishing attempt in time, one employee ended up falling for it.
The criminals gained the employee’s login credentials and two-factor code to get into Reddit’s internal databases. They had access to “internal docs, code, as well as some internal dashboards and business systems”. This allowed the attackers to steal contact information of company accounts and current and former employees along with limited data on advertisers.
Having said that, Reddit confirmed that neither user data nor the production system used to run the platform has been affected. The internal investigation could not find any exposure of non-public user data, which is the best-case scenario in such situations. However, a few users have commented that their Reddit-specific email addresses have seen an uptick in spam emails in the last few days.
After the attack was carried out, the affected employee self-reported, allowing the security teams to address the issue as soon as possible.
Reddit is one of the most influential news and media platforms, and the fact that hackers could successfully carry out phishing attacks exposes the limits of current security measures.
The takeaway
One of the oldest cybercrimes in history is still fooling tech-savvy victims in 2023 and the consequences are devastating. Here are the things we learned from the cyberattack:
- Employees are often the weakest link of security infrastructure. Employees and vendors need more comprehensive and frequent training to implement better cybersecurity hygiene at work. Employees promptly reporting incidents is an encouraging sign.
- Multi-factor authentication (MFA) or two-factor authentication (2FA) is only as safe as the people managing it. Hackers are now using MFA fatigue to bombard victims with phishing attacks, hoping someone gets tired and ends up clicking on links to stop the notifications.
Cybersecurity is an evolving process. Hackers bet on victims’ complacency to execute attacks and that’s why you need a top-notch security expert to help you stay two steps ahead. Want to know how you can improve security? Get in touch with MyTek today!