Conceal Threat Alert: Reddit Internal Systems Compromised by Targeted Phishing Attack
On February 9th, Reddit reported a security incident that resulted from a sophisticated and highly-targeted phishing attack. The attacker sent out plausible-sounding prompts to Reddit employees that pointed them to a website that cloned the behavior of the company’s intranet gateway, to steal credentials and second-factor tokens. After successfully obtaining a single employee’s credentials, the attacker gained access to internal documents, code, and internal business systems.
Reddit reported that their investigation so far has shown that user passwords and accounts are safe, and that the primary production systems, which run Reddit and store the majority of its data, have not been breached. However, the exposure included contact information for company contacts and employees (current and former), as well as advertiser information.
Reddit’s security team responded quickly to the incident, removing the infiltrator’s access, and commencing an internal investigation. The company reported that its response includes training employees to improve their security skills, reminding users to set up two-factor authentication (2FA) and to use a password manager to protect their accounts.
ConcealBrowse’s browser-based phishing protection extension could have helped prevent this attack. The anti-phishing capabilities built in to ConcealBrowse can identify phishing sites utilizing computer vision and machine learning algorithms in addition to threat intelligence and domain name risk assessments. When ConcealBrowse identifies a potentially dangerous site, it opens it in an isolated environment outside of your network. Phishing sites are then identified, and users are blocked from inputting credentials or providing personal information. By adding an extra layer of security to the browsing experience, ConcealBrowse protects users from falling victim to phishing attacks, even when the emails and websites look legitimate.
How could Conceal’s browser isolation and advanced phishing protection have prevented this attack?
Reddit’s recent security incident serves as a reminder of the importance of being vigilant and proactive about online security. By taking simple measures such as setting up 2FA, using a password manager, risk can be reduced. However, this incident proves it only takes one user making the wrong decision to cause severe reputational and monetary damage to your company. By adding ConcealBrowse’s browser-based phishing protection extension, your company can take the responsibility for stopping phishing out of the hands of the user.
Click here to sign up for a free trial of ConcealBrowse to see for yourself how you can protect your company from expensive, reputation-damaging phishing attacks.
Written by: Conceal Research Team