Reddit Confirms Phishing Attack - ThreatWire
Added 2023-02-15 18:10:51 +0000 UTCReddit disclosed a security incident last week that occurred due to an employee’s login credentials getting phished. In this breach, an attacker was able to access source code, internal documents, dashboards, business systems and contact details for hundreds of Reddit employees. Production systems and user accounts and password data was not accessed, according to a post about the incident.
Reddit became aware of the phishing campaign on Feb 5, when an attacker sent out prompts to employees to a website that cloned their intranet gateway, attempting to steal employee login credentials and the 2 factor authentication tokens. They successfully obtained some creds, leading to internal access. Employees impacted included former and current, as well as some advertiser information.
The employee who was phished self reported and the security team removed the rogue access.
While Reddit has no indication of user accounts being accessed, they reminded users in the post to enable 2FA and use good password hygiene online.
We don’t know based on this post what form of multi factor authentication Reddit is requiring it’s employees to use. But this does sound like they are not requiring hardware based authentication using FIDO or similar with a key such as a Yubikey. That means employees could be susceptible to authentication or 2fa fatigue, wherein they rely on a push prompt to authenticate and eventually choose yes because they get tired of seeing the popup, or they may rely on OTP such as 6 digit codes sent to an authenticator app, which can be stolen and copied by an attacker. We’ve seen many of these attacks over the last year showing that using hardware based authentication can be a crucial requirement for employees going into the new year.
LINKS:
https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
https://thehackernews.com/2023/02/reddit-suffers-security-breach-exposing.html
