Reddit confirms that a hacker gained access to its internal files on February 5.
The “highly targeted phishing attack,” as the company describes in a report, is all done by a hacker who tricked an employee into clicking a prompt that disguised an intranet gateway to his system.
Reddit data breach happened last week
(Photo: Brett Jordan of Unsplash)
Reddit user passwords and accounts are safe despite the phishing attack.
As one of the Reddit contributors posted on the r/reddit community, the researchers discovered that a hacker launched a phishing attack on Sunday, Feb. 5.
The sophisticated phishing campaign lashed out at some of the company’s staff. Although the probe found that no accounts or passwords had been hacked, the unknown man managed to work his way through the company’s internal documents and codes.
How the hacker managed to access Reddit’s system
To get into Reddit’s system without directly infiltrating the gateway, the anonymous hacker sent “plausible-sounding” prompts to a company employee.
When someone clicks on this prompt, a website appears that looks exactly like the intranet gateway. This is the ideal channel to get the credentials and tokens of the staff and Redditors on the platform.
Based on the information from the thread, there is no evidence that any employee or user’s confidential information was accessed online.
Reddit adds that there is no clear indication that the sensitive data is being distributed to other websites.
Related article: Reddit enables ‘hate speech,’ moderators reveal
How did Reddit handle the phishing attack?
After the unexpected data breach happened on the site, Reddit’s cybersecurity team quickly cut off the hacker’s access.
“We continue to investigate and closely monitor the situation and work with our employees to strengthen our security skills. As we all know, people are often the weakest part of the security chain,” Reddit said in its latest post.
Data breaches are nothing new to Reddit. According to Gizmodo, a similar thread was also released about another phishing attempt five years ago.
The report says a hacker did the same thing at the time. According to Reddit, no data was hijacked during the incident.
What the company is doing so far is good for both employees and users.
By being transparent about the data breach, everyone knows exactly what happened during the situation. They will also learn the solution Reddit found to address the security issue on the platform.
Meanwhile, Business Insider wrote in another Reddit article that some users forced the ChatGPT to break its own rules.
By creating DAN, the AI app’s alter-go, they can ask ChatGPT to answer questions about “illegal activity” and other controversies.
According to the original poster called SessionGloomy, DAN was created to be a better ChatGPT counterpart. In addition, he wanted to know how it responds to discussions with “ethical concerns.”
Also Read: Over 3 Million Redditors Are Buying NFT Avatars Through Reddit Blockchain Wallet
ⓒ 2022 TECHTIMES.com All rights reserved. Do not reproduce without permission.
