Reddit announced that its platform had suffered a hack that compromised some of the company's data on February 5. They confirmed that the users' data (both passwords and private profile information) was not affected by this hack, according to their investigation. The vulnerability in their systems occurred as a result of a highly targeted, sophisticated phishing attack in which one of their employees was deceived.
The main reason affected by this hack was Reddit itself, where the attackers gained access to some internal documents, code, and internal business systems. How did they manage to breach Reddit security? We'll explain it to you right away.
According to the company, the attackers sent "highly reliable messages" to several employees that took them to a fake website that looked almost identical to Reddit's intranet portal. The scam was quickly discovered, but it was only enough for one employee to enter their credentials on this fake site for Reddit to be hacked by the attacker.
In this way, the hacker gained access to sensitive information on the platform, including internal documents, codes, dashboards, and business systems. Of course, there is no indication that they breached the site's key production systems, which is what makes Reddit work. No leaks of Reddit user data have been detected either, so if you have an account with the site don't worry.
Although users weren't affected, Reddit took the opportunity to remind that it's important to activate two-step authentication to prevent a potential password leak that would make you lose your account.
Fares Shady gets the Golden YouTube Shield ~ the youngest YouTuber in Egypt
