Security News > 2023 > February > Reddit reveals security incident that looks more SNAFU than TIFU

Colourful web forum Reddit has revealed it has suffered a security breach.

Here's what we know Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5th "We became aware of a sophisticated phishing campaign that targeted Reddit employees."

Contact information for "Hundreds" of employees past and present, advertisers, and other business contacts were accessed, but Slowe said Reddit has found "No evidence to suggest that any of your non-public data has been accessed, or that Reddit's information has been published or distributed online."

The post also reveals that the employee whose creds were phished self-reported the incident, whereupon Reddit's security team removed the attackers access and commenced an internal investigation.

Slowe's responses to comments reveal that the employee who was phished had multifactor authentication enabled, as is compulsory at Reddit, but he declined to detail the time elapsed between detection of the incident and when the attackers' access to Reddit resources was revoked.

Security incidents are never welcome, especially for orgs like Reddit that are reportedly keen to go public.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/10/reddit_security_incident/