Reddit Confirms Phishing Attack Took Place Last Feb. 5

Reddit user passwords and accounts are safe despite the phishing attack.

Reddit confirms that a hacker gained access to its internal files last Feb. 5.

The "highly-targeted phishing attack," as what the company describes in a report, is all done by a hacker who tricked one staff into clicking a prompt masquerading an intranet gateway to its system.

Reddit Data Breach Happened Last Week

Reddit Confirms Phishing Attack Took Place Last Feb. 5
Reddit user passwords and accounts are safe despite the phishing attack. Brett Jordan from Unsplash

As one of the Reddit employees posted on r/reddit community, the investigators found out that a hacker launched a phishing attack on Sunday, Feb. 5.

The sophisticated phishing campaign took a swipe at some of the staff of the company. Although the probe found out that no accounts or passwords were hacked, the unknown person managed to worm their way through the internal documents and codes of the company.

How the Hacker Managed to Access Reddit's System

To penetrate Reddit's system without directly infiltrating the gateway, the anonymous hacker sent out "plausible-sounding" prompts to a company's employee.

If someone clicks this prompt, a website that looks exactly like the intranet gateway will appear. This will be the ideal channel to obtain the credentials and tokens from the staff and Redditors on the platform.

Based on the information from the thread, there is no evidence that confidential information from an employee or user has been accessed online.

Reddit adds that there's no clear indication that the sensitive details are distributed to other websites.

How Did Reddit Address the Phishing Attack?

After the unexpected data breach happened on the site, Reddit's cybersecurity team quickly took down the access of the hacker.

"We're continuing to investigate and monitor the situation closely and working with our employees to fortify our security skills. As we all know, humans are often the weakest part of the security chain," Reddit said in its latest post.

Data breaches are not new anymore to Reddit. According to Gizmodo, there's also a similar thread released five years ago about another phishing attempt.

The report says that a hacker did the same thing at that time. No data was reportedly hijacked during the incident, according to Reddit.

So far, what the company is doing is good for the part of the employees and users.

By being transparent about the data breach, everyone will know what exactly occurred during the situation. They will also learn the solution that Reddit ended up with to address the security problem on the platform.

Meanwhile, Business Insider wrote in another Reddit article that some users forced the ChatGPT to violate its own rules.

By making DAN, the alter-go of the AI app, they can prompt ChatGPT to answer questions about "illegal activities" and other controversies.

According to the original poster named SessionGloomy, DAN is made to be a better ChatGPT counterpart. In doing so, he wanted to know how it responds to discussions with "ethical concerns."

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics