JAKARTA - Reddit has informed that its platform was successfully hacked by irresponsible parties, who managed to obtain some internal company documents.
In a post shared by Chief Technology Officer (CTO) Reddit, Christopher Slowe said that the company was aware of a phishing campaign targeting company employees since February 5.
The perpetrator sent a request deemed reasonable which then took the employee to a fake Reddit website, and managed to steal the credentials and authentication tokens of the two employee factors.
"After successfully obtaining the credentials of one employee, the attacker obtained access to several internal documents, codes, as well as several internal dashboards and business systems," explained Slowe.
Immediately after phishing, the victim's employee reported himself, and the Security team responded quickly, removing the intruder's access and starting an internal investigation.
"Our goal is to fully understand and prevent incidents like this in the future, and we will use these posts to provide additional updates as we study and be able to share more," Slowe said.
However, the company found no indication of a violation of their main production system, such as a storage area for most user or company data.
Based on the investigations that have been carried out, the company said that Reddit's passwords and user accounts remain safe. "They gained access to some internal documents, code, and some internal business systems," the company concluded.
To help users avoid the same attack, Reddit asks its users to prepare 2FA (two-factor authentication) which adds an extra layer of security when accessing a Reddit account.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
