Reddit confirmed that it was hacked as a result of a phishing campaign that attacked its internal systems after some of its employees fell for a trick and gave access that affected documents and platform code.

The app assured that the attack was “sophisticated and highly targeted”, that user data is safe and there are no signs of a breach in the primary production systems where the company’s data is stored. social network and the data structure that enables it to function.

“Based on our investigation so far, Reddit users’ passwords and accounts are secure, but on Sunday night (target time) Reddit’s systems were compromised in a sophisticated and highly targeted phishing attack.” They gained access to some internal documents, code and some internal business systems,” the company said.

You might also be interested in: Five Cybercrime Practices That Could Be Augmented by Artificial Intelligence

However, the platform warned that the attackers were able to obtain “limited contact information” of employees and other contacts of some advertisers, but there is no indication that this information is private or in the public domain.

“We have no evidence that your non-public data has been accessed, or that information from Reddit has been published or shared online,” the company said in a statement.

The way the attack was carried out was to expose a fake website to the employees, which led to one of the employees falling for the phishing campaign, accessing the page and giving his credentials, which he later used to carry out the cyber crime. His attack, which took place on February 5.

Although no user data was compromised, Reddit He suggested that everyone enable two-factor authentication processes and change their passwords, which they recommend doing every few months, or use a key manager to add more protection.

You may also be interested in: Bloatware, the mobile problem everyone should know about

The history of 2018 repeats itself

This is not the first time Reddit A similar thing happened to it, almost five years ago in a security breach that resulted in a breach of user data SMS messages Verification, compromising employee accounts and bypassing various authentication factors.

The information the attackers had in that case was user data extracted from the platform’s backups between 2005 and 2007, which included account names, emails, encrypted passwords and the content of registrants from that era.

This may interest you: Xiaomi, OnePlus and Realme are spying on their users

But they also took control of emails sent by Reddit between June 3 and June 17, 2018. A summary of emails containing user account names and email addresses, as well as content suggested to those people by the subreddits they were sent to. that they are subscribed. that.

After the attack was reported, the social network confirmed that it was under control and strengthened security with registration and monitoring systems. Additionally, to enhance the rotation of API keys that were required for user authentication when logging into servers.

A much more complex context than the last phishing attack.

You may also be interested in: Cybersecurity: How a solution designed to prevent leakage of confidential information works