Reddit has confirmed that it was recently the victim of a phishing attack with which cybercriminals gained access to some internal company documents, but has insisted that user data is safe.
LOOK: WhatsApp will implement the voice note transcription function in its latest beta for iOS
The company has commented that the threat actor involved in this incident distributed a fraudulent campaign against some of its employees and managed to trick one of them into accessing their internal systems.
It was last Sunday, February 5, when the company became aware of "a sophisticated phishing campaign” addressed to its workers, in which the shipment took place "of indications that seemed plausible and that redirected employees to a website that cloned the behavior” of your intranet.
LOOK: Easier and faster: use these AI applications as a replacement for Microsoft Office programs
After obtaining the worker's credentials, the cybercriminal gained access to some internal documents and codes “as well as some internal panels and commercial systems”as explained in a statement.
Reddit has insisted that, despite having accessed a good part of its systems, Reddit user account and password data “they are sure” and that does not have “evidence suggesting that none of your private data was accessed or that information from Reddit was posted or distributed online.”
With this, he has indicated that, after learning about the attackthe affected employee reported this issue to the company's security teamthat “responded quickly” and removed access from the malicious actor. It also launched an internal investigation to clarify what happened.
LOOK: Starlink already works in Peru: how much does Elon Musk's satellite Internet cost?
Reddit has pointed out that it continues analyzing and monitoring this situation and he has said that he is aware that "Human beings are usually the weakest part of the chain of safety". Thus, he has indicated that he has the objective of understanding "completely" the impact of the attack, as well as prevent future incidents of this nature.
Finally, he has encouraged the platform users to configure the two-factor authentication system (2FA) to add an extra layer of security to your accounts, as well as update the access password every two months.