{"id":21212,"date":"2023-02-10T16:10:44","date_gmt":"2023-02-11T00:10:44","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/02\/10\/news-14944\/"},"modified":"2023-02-10T16:10:44","modified_gmt":"2023-02-11T00:10:44","slug":"news-14944","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2023\/02\/10\/news-14944\/","title":{"rendered":"Reddit breached, here&#8217;s what you need to know"},"content":{"rendered":"<p>On Thursday, February 9, 2023, Reddit reported that it had <a href=\"https:\/\/www.reddit.com\/r\/reddit\/comments\/10y427y\/we_had_a_security_incident_heres_what_we_know\/\" target=\"_blank\">experienced a security incident<\/a> as a result of an employee being phished.<\/p>\n<h2>What happened?<\/h2>\n<p>According to Reddit, it &#8220;became aware of a sophisticated phishing campaign&#8221; late on February 5, 2023, that attempted to steal credentials and two-factor authentication tokens.<\/p>\n<p>One of its employees fell for the phish, and then self-reported, alerting Reddit to what had happened. It says its &#8220;security team responded quickly, removing the infiltrator&rsquo;s access and commencing an internal investigation.&#8221;<\/p>\n<p>The employee&#8217;s credentials were reportedly used to gain access to &#8220;some internal docs, code, as well as some internal dashboards and business systems&#8221;, which exposed &#8220;limited contact information&#8221; for company contacts and employees, and information about advertisers.<\/p>\n<p>According to Reddit, your passwords are safe. As a result, <strong>there is no need to alter your login details<\/strong>. 
It also says there are no signs the breach affected &#8220;the parts of our stack that run Reddit and store the majority of our data&#8221; or &#8220;any of your non-public data.&#8221;<\/p>\n<p>Reddit deserves praise for reporting what happened so clearly: clear messaging, no evasion, and a clear indication of what users should take into consideration. Ironically, the one piece of advice that Reddit offers its users is to set up two-factor authentication (2FA) to protect their accounts.<\/p>\n<p>The right kind of 2FA&mdash;2FA that relies on hardware keys or <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/05\/google-apple-and-microsoft-walk-hand-in-hand-into-a-passwordless-future\">FIDO2 devices<\/a>&mdash;could have prevented its own employee from being phished. Still, any form of 2FA is better than none, so we encourage you to set up 2FA on Reddit. Its app-based 2FA can&#8217;t protect you from phishing, but it will stop all kinds of assaults on your passwords.<\/p>\n<h2>How to set up 2FA on Reddit<\/h2>\n<p>You&rsquo;ll need to make use of an app to generate the six-digit code required to log in alongside your password. <a href=\"https:\/\/reddithelp.com\/hc\/en-us\/articles\/360043470031-What-is-two-factor-authentication-and-how-do-I-set-it-up-\" target=\"_blank\">From the FAQ<\/a>:<\/p>\n<ul>\n<li>Click on your username in the top right of your screen.<\/li>\n<li>Select User Settings and click on the Privacy &amp; Security tab.&nbsp;<\/li>\n<li>Under Advanced Security, you&rsquo;ll see the Use two-factor authentication control. To enable it, click the toggle to on.<\/li>\n<li>Next, enter your password and click Confirm.&nbsp;<\/li>\n<li>Follow the step-by-step instructions to set up your authentication and don&rsquo;t forget to save your <a href=\"https:\/\/reddithelp.com\/hc\/en-us\/articles\/360058446411\" target=\"_blank\">backup codes<\/a>.&nbsp;<\/li>\n<li>After setup, you may be asked to log out and log back in to your account. 
Moving forward, you&rsquo;ll need to enter a 6-digit code from your authenticator app every time you log in to Reddit.<\/li>\n<\/ul>\n<p>With this in place, your account will be a lot more secure with or without a breach of some kind lurking in the background. Now it&rsquo;s time to take a look at the breach notification. In their own words:<\/p>\n<h2>An incident notification done well<\/h2>\n<p>As anyone in security will tell you, breaches are a matter of &#8220;if, not when&#8221;, so it matters how companies respond when they are breached. Reddit has handled it well so far.<\/p>\n<p>The very first paragraph of its notification is a &ldquo;too long, didn&rsquo;t read&rdquo; for those in a real hurry. It reads as follows and is very clear about what went on, and what users need to do:<\/p>\n<blockquote>\n<p>&ldquo;Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems.&rdquo;<\/p>\n<\/blockquote>\n<p>Although the main body of text of the notification is not particularly complicated, this shorter paragraph breaks things down to their bare bones, so absolutely anyone can understand what&rsquo;s taken place. This doesn&rsquo;t always happen in breach notification situations!<\/p>\n<p>The Reddit staff also held an &ldquo;Ask Me Anything&rdquo; (AMA) in the comments underneath the notification. Yes, Reddit is ideally suited to a Q&amp;A interaction given its posting format, but they could just as easily have turned off replies. 
Can you remember the last time a breach notification gave users of a service a way to directly interact with staff dealing with the incident?<\/p>\n<p>Finally, the employee concerned is not being fired; instead, its notification says it is &#8220;working with our employees to fortify our security skills.&#8221;<\/p>\n<p>Kudos to Reddit for being so open and approachable where this breach is concerned.<\/p>\n<hr \/>\n<p><strong>We don&rsquo;t just report on threats&mdash;we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by <a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/02\/reddit-systems-compromised-by-phish-attack.-heres-what-you-need-to-do-next\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Tags: reddit<\/p>\n<p>Tags:  compromise<\/p>\n<p>Tags:  phish<\/p>\n<p>Tags:  phishing<\/p>\n<p>Tags:  users<\/p>\n<p>Tags:  data<\/p>\n<p>Tags:  2FA<\/p>\n<p>In an admirably transparent notification, Reddit announced that one of its employees was phished.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/02\/reddit-systems-compromised-by-phish-attack.-heres-what-you-need-to-do-next\" title=\"Reddit breached, here's what you need to know\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/02\/reddit-systems-compromised-by-phish-attack.-heres-what-you-need-to-do-next\">Reddit breached, here&#8217;s what you need to know<\/a> appeared first on <a 
rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10598,18865,6270,32,10511,3924,1571,8990],"class_list":["post-21212","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-2fa","tag-compromise","tag-data","tag-news","tag-phish","tag-phishing","tag-reddit","tag-users"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=21212"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21212\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=21212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=21212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=21212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}