Reddit has confirmed its systems were hacked last weekend as the result of a sophisticated and highly targeted phishing attack: the attackers gained access to documents, code, and some internal business systems.
Late on February 5, Reddit became aware of the phishing campaign that targeted its employees. The attacker sent out "plausible-sounding prompts", pointing employees to a website that cloned the behavior of its intranet gateway, in an attempt to steal credentials and second-factor tokens. After obtaining a single employee's credentials, the attacker gained access to some documents and code, as well as some internal dashboards and business systems.
Also: Phishing attacks are getting scarily sophisticated. Here's what to watch out for
We know all of this information because Reddit's CTO posted about the incident on Reddit. Currently, there's no indication that usernames and passwords of Reddit users have been accessed -- but Reddit has suggested users should apply multi-factor authentication (MFA) to their accounts for added protection.
There are two key takeaways from the Reddit security incident. The first is that phishing attacks continue to be a key tool in the cyber criminal's arsenal -- we all use emails, and a carefully crafted phishing attack can trick even the most security-conscious user.
The second is that Reddit has -- I think -- chosen the right option by being transparent about falling victim to cyber attackers, publicly disclosing the incident just days after it was first detected.
Despite the prolific nature of cyberattacks and data breaches, many victims decide that the best course of action is to keep quiet about what has happened -- sometimes, they won't even mention that there was an incident at all.
The reasons for keeping quiet include fear of reputational damage, fear of financial losses, or even fear of alerting other cyber criminals to the fact that they might make a good target for attacks.
But Reddit's openness over what happened -- and how the incident was discovered and managed -- provides a good example of how incident disclosure could and should be done, and how it can benefit both a company's users and customers, as well as the business itself.
According to Reddit, soon after being phished, the employee suspected something was wrong and self-reported the incident, alerting the information security team. They responded quickly, removing the infiltrator's access and started an internal investigation.
Also: The biggest cyber-crime threat is also the one that nobody wants to talk about
What's also key here is that an employee came forward with their suspicions. Keeping it quiet doesn't help anyone but the attacker, who gets more time in the network.
But in this instance, the employee reported the incident, something Reddit's CTO commented he was "extremely grateful" for in the thread below the initial post. As a result, the attacker only had access to the network for a few hours because the security team was able to respond quickly.
The speed of detection -- combined with transparency over the incident -- has gone down well with Reddit users, many of whom have praised Reddit's response, which included answering queries about what happened.
Reddit also used the post to encourage users to apply MFA to their Reddit accounts, and to use a password manager to help stay secure.
At a time when many businesses that fall victim to cyberattacks won't say anything, Reddit's openness after the phishing attack provides a good lesson on being transparent about a cybersecurity incident -- and it's something that other companies can learn from.
As shown by the response online, users and customers will be grateful they've been told about the incident quickly, enabling them to take the necessary steps to secure their accounts.
It's unfortunate that the nature of cyber crime means that phishing and cyberattacks are an everyday occurrence -- but a company that shows it can deal with incidents well is positive for everyone.