Reddit is being lauded for the way it responded to a cyber attack that occurred earlier this month. The online forum posted a detailed explanation of the incident, describing it as a “sophisticated phishing campaign” that targeted members of staff.
The criminal hackers used “plausible-sounding prompts” that directed employees to a bogus website that cloned the behaviour of Reddit’s intranet’s gateway. The attackers then attempted to trick people into handing over their login credentials and two-factor authentication tokens.
At least one employee fell for the attacker’s bait. However, thanks to their honesty and attentiveness, they quickly realised what had happened and contacted Reddit’s IT team, who were able to mitigate the damage.
What data was compromised?
Reddit confirmed that the scammer used the compromised login credentials to access “some internal documents, code, as well as some internal dashboards and business systems”.
They also compromised the contact details of a “limited” number of current and former employees.
Fortunately, Reddit said that there was no indication that its primary production systems were compromised. It also said there was “no evidence” to suggest that Reddit users’ passwords or other information had been affected.
Nonetheless, the social media site used the incident to encourage users to boost their account’s security.
“Since we’re talking about security and safety, this is a good time to remind you how to protect your Reddit account,” CTO Chris Slowe said.
“The most important (and simple) measure you can take is to set up 2FA (two-factor authentication) which adds an extra layer of security when you access your Reddit account.
“And if you want to take it a step further, it’s always a good idea to update your password every couple of months – just make sure it’s strong and unique for greater protection.”
How it should be done
Reddit’s handling of this incident is a case study in effective data breach management. The success of its response goes back all the way to the moment the employee realised that they had been phished.
They quickly recognised they had been duped and knew that they were obliged to contact the IT team.
The ideal scenario, of course, would have involved the employee spotting the scam before falling victim, but this is something that organisations cannot rely on. There are hundreds of thousands, if not millions, of phishing emails sent each day, and they are becoming increasingly hard to spot.
Scammers are paying greater attention to detail to their cloned websites, they are finding new ways to mask their bogus URLs and some reports indicate that AI tools such as ChatGPT can help them craft convincing messages.
IT teams have responded to the threat with an array of technological controls, including automated alerts that tell recipients when an email has come from an external or uncommon source.
But the arms race between defence and attack will only continue, with scammers finding ways to bypass defences and land emails in people’s inboxes. From there, it only takes one mistake for a security breach to occur.
When that happens, it’s essential that employees own up to their mistakes. They are often reluctant do so, because they think it will get them in trouble.
But in this case, the employee had no such fear, which is indicative of a strong security culture. It enabled Reddit’s security team to act quickly, removing the infiltrator’s access within a matter of hours.
A few days later, Chris Slowe informed Reddit users of the incidents and answered questions about the incident. The majority of respondents praised the organization for its handling of the incident – particularly its willingness to keep users informed about what wrong and how it responded.
The episode highlights a crucial lesson about information security: what happens after a data breach is as important as what happens before.
Your organisation must take the time to educate everyone about the threats they face and their obligations when dealing with information security risks.
This is a core component of our Phishing Staff Awareness Training Programme, which provides essential guidance to embed a culture of security awareness throughout your organisation.
We use real-world examples to explain how phishing attacks work, the tactics that cyber criminals use and how you can detect malicious emails.
You and your team will receive the expert guidance you need to detect phishing attacks and respond appropriately.
The course content is updated quarterly to include recent examples of successful attacks and the latest trends that criminals use.