American social news giant Reddit was recently on the receiving end of a cyberattack that gave hackers access to the business systems it uses internally. As a result, the attackers involved were able to steal source code and internal documents.

How the cyberattack occurred

The enterprise stated that the hackers behind the cyberattack made use of a phishing tactic that targeted Reddit employees. The threat operators had created a bogus landing page that effectively impersonated the company’s own intranet site. This malicious phishing page was designed to harvest the company credentials of Reddit employees, along with their multi-factor authentication (MFA) tokens.

As soon as one employee was fooled by the cleverly created phishing attack, the malicious actor found a way to penetrate the internal systems of Reddit and exfiltrate source code and company files.

In a recent security notice released by Reddit, the company detailed the events leading up to the incident and the extent of the breach it is dealing with:

“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”

Uncovering the incident and investigating the damage

Reddit has stated that it first learned of the data breach after the member of staff who was tricked by the phishing lure self-reported the event to the firm’s in-house cybersecurity team.

Following its investigation of the malicious attack, Reddit stated that the data stolen in the incident includes a limited amount of contact information for business contacts, along with data on both current and former personnel. The information stolen by the hackers also included some details regarding Reddit’s advertisers. However, the company has clearly stated that no credit card information, advertisement performance data or passwords were accessed by the threat operators.

Reddit has also commented that it can find no indications that the malicious actors infiltrated production systems employed to run its world-famous website.

Although the US company has yet to share any precise details on the phishing attack, Reddit did reference a similar attack pattern that was employed to breach the firm Riot Games.

In the attack on Riot Games, threat operators breached the company’s systems and stole source code for three different products belonging to the firm. These included the online multiplayer battle arena League of Legends (LoL), the auto battler game Teamfight Tactics (TFT), and its legacy anti-cheat platform.

Later, the successful game company received a $10 million ransom request for the private data not to be disclosed. However, Riot Games refused to give in to the threat operators' demand. The hacker behind the attack then attempted to auction off the source code for League of Legends on a hacker forum, taking bids of $10 million or over.

High-profile companies like Reddit are a sought-after target of cybercriminals who are always looking to make headlines and build their reputation.