Phishing Scams Compromise Reddit
Are you one of the 330M people who log in to Reddit at least once a month?
It’s a great community to share and discuss content, from text posts to images. That’s why Reddit is one of the most popular social media networks in the world. Users can also join subreddits, which are communities focused on specific themes that allow for more specialized conversations and discussions about particular topics. Through its user-generated content and community-driven nature, Reddit has become an invaluable resource for many people across all kinds of interests and backgrounds.
In early February, a data breach exposed the administrators’ side of Reddit’s database.
How Threat Actors Got In
Even if 99% of the organization flags and reports spam, that 1% can send the whole organization crumbling down.
On February 5th, one employee fell for a phishing campaign that appears to have been leveraged against many other staff members around the same time. Apparently, a determined cybercriminal had been inundating Reddit workers with messages leading to fake websites set up to look like the internal portal that Reddit employees usually use for work. The phishing messages would encourage the target to click on a link that redirected them to the threat actor’s disguised landing page.
When the victim logged in, they inadvertently handed over their login credentials and multi-factor authentication tokens. Due to just that one slip-up, that one time somebody didn’t recognize a phishing scam for what it was, the attacker was able to swipe confidential files and bits of code and get into some internal business systems (basically, the software applications that Reddit relies on to run basic processes). This is a prime example of why security awareness is a 24/7/365 responsibility!
How Users Can Protect Themselves
When they announced the breach, Reddit assured its users that their credentials and data were not affected. Nevertheless, they recommend that users set up MFA on their accounts as an extra safety precaution. They also recommend changing your password once a month, which can be easily accomplished through a password manager. You won’t have to remember a new password every month, either; password managers store and fill log-in information on your behalf! They can even prompt you to change passwords that you’re using on multiple sites or simply when they’re getting old.
This is not the first major breach to affect Reddit, and they’re not the only big website to be victimized in 2023 either. The cyber-threat landscape is becoming increasingly treacherous, and companies of all sizes can find themselves targeted.
If you are notified that your data has been compromised, or may have been exposed in a breach, take immediate action to re-secure your accounts and monitor your credit, systems and profiles for suspicious activity!
Are you prepared for the worst to happen?
In today’s threat landscape, it’s a matter of when, not if, you will have your information exposed in a larger data breach like the one currently under investigation by Reddit. It’s recently happened to Twitter, password manager LastPass, health systems and so many more.
Stay on top of important emails and notifications warning you of potential exposure. You want to take immediate action to protect your sensitive data in the event that something does go wrong.