Reddit employee falls for phishing email, what lessons learned?
A phishing attack has resulted in the theft of some source code and internal documents at Reddit. An employee of the company clicked on a phishing email that redirected to a website that mimicked the company's intranet network.
Phishing is one of the most common ways attackers try to steal login credentials and other sensitive information. Unsurprisingly, even companies with extensive security measures can be vulnerable to these attacks, as Reddit recently discovered.
An employee of the discussion forum company fell for a phishing email that directed him to a website that mimicked Reddit's intranet network. Once there, attackers extracted the employee's login credentials and 2FA tokens. Fortunately for Reddit, the employee was honest about what had happened, allowing the company to quickly intervene and kick the intruders off the network.
Although Reddit claims that the stolen internal documents did not contain any malicious information, it is always worrying when company data falls into the wrong hands. However, the company assures that the intruders did not gain access to the systems that run Reddit and store its data. User accounts are not at risk either, according to Reddit, although the company recommends that you double-check the security of your account.
As a Reddit user, you can take additional security measures such as enabling MFA and using password managers. A password manager can help protect your account from phishing attacks by alerting you if you try to log in from an unknown domain name.
Summary
Phishing remains a popular method for attackers to steal sensitive information and expose organizations to security breaches. As a Reddit user, it is important to be extra cautious when opening emails and to use security measures such as MFA and password managers. Learn from this incident and take the necessary steps to protect your account.
Source: Security.nl
Published by RiskStudio