Reddit is hacked and source code and internal data are stolen

Reddit, a bulletin board-type social news site, announced on February 10, 2023, ``On February 5, a cyber attack was intruded into a business system, and source code and internal documents were stolen.''

We had a security incident. Here's what we know. : reddit

Hackers breach Reddit to steal source code and internal data

Reddit wrote in a thread on its official subreddit, r/reddit, that ``On the night of February 5th, a highly targeted phishing attack resulted in the hacking of Reddit's systems. was secure, but had access to some internal documents, code, and some internal business systems.'

According to the announcement, the threat actor launched a phishing attack using a spoofed Reddit intranet login page to attempt to steal the targeted employee's credentials and two-factor authentication tokens. . One of our employees fell victim to this phishing attack, which allowed the threat actors to infiltrate Reddit's internal systems and successfully steal data and source code. Reddit became aware of the hacking damage after employees self-reported it to Reddit's security team.

Subsequent investigation revealed that the stolen data included contact information for other companies, contact information for some current and former employees, and some information about advertisers. On the other hand, there is no evidence that credit card information, user passwords, materials related to advertising performance, etc. have been accessed, and it has not been confirmed that these data have been published or leaked online.

In fact, this is not the first time Reddit has been compromised by a cyberattack. Reddit also reported in 2018 that hackers who broke into the system accessed user data, such as database backup files containing email addresses and passwords.

According to IT news site BleepingComputer, Reddit did not disclose the details of the phishing attack used in this hack, but said that the game company Riot Games was damaged by the cyber attack. .

In this attack, which took place on January 23, 2023, a threat actor compromised Riot Games' development environment and stole the source code for the popular game League of Legends. The threat actor then demanded a ransom from Riot Games, but since Riot Games refused to pay, he is looking for a source code buyer on a hacking forum.

Hackers are selling the source code of 'League of Legends' stolen from Riot Games - GIGAZINE

by downloadtai 1

Reddit says that the user's password has not been leaked, but to protect the account, set up two-factor authentication, update the password once every few months, and use a password manager. rice field.

in Web Service,   Security, Posted by log1l_ks