The Press and Journal (Aberdeen and Aberdeenshire)
Reddit confirms it was victim of phishing attack
Popular internet forum website Reddit has confirmed it was the victim of a cyber attack, with hackers using a phishing attack on employees to steal login details and access the platform’s internal systems.
The company said the attack on February 5 had seen hackers gain access to “internal documents, code, as well as some internal dashboards and business systems”.
However, it said that after several days of investigation, it had “no evidence” to suggest that Reddit user passwords or other information had been compromised or distributed online.
In a statement posted to Reddit, the company said a “sophisticated phishing campaign” had been used to target Reddit employees.
A phishing attack involves hackers trying to trick victims into handing over personal information by posing as a credible figure or business in an effort to gain personal information.
“As in most phishing campaigns, the attacker sent out plausiblesounding prompts pointing employees to a website that cloned the behaviour of our intranet gateway, in an attempt to steal credentials and second-factor tokens,” Reddit said of the attack.
“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
Reddit confirmed the attack had seen “limited contact information” of current and former employees and “limited advertiser information” had been exposed in the attack.
The company said the affected employee in the attack self-reported the incident and the firm’s security team cut off the attacker’s access.