IOTW: Source code stolen in Reddit phishing attack


A “highly targeted” phishing attack against social media site Reddit’s internal network has seen malicious actors steal the company’s source code and internal documents.

The breach occurred on February 5, after a phishing attack was launched at Reddit employees. The site said the attack contained “plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens”.

After obtaining an employee’s credentials, the malicious actors were then able to gain access to Reddit’s internal systems. This meant that the hacker accessed Reddit’s internal business systems, dashboard, documents and source code.

After being alerted to the phishing attack by the employee whose account was accessed, Reddit said it “removed the infiltrator’s access” and launched an investigation into the breach. The site noted that “similar phishing attacks” have been reported recently.

The data accessed in the breach included “limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information”, but Reddit confirmed that “user passwords and accounts are safe”.

The site also reported that there was “no evidence” of any of its primary production systems being accessed, or that any of its users’ “non-public data” had been accessed or posted online.

Reddit has launched an internal investigation into the breach and is enhancing its security systems. Additionally, it urged users to enable multi-factor authentication and use a password manager both to set up complex passwords and to prevent themselves from being phished.


GitHub source code stolen in phishing attack

On September 16, 2022, GitHub reported a phishing attack that involved a malicious actor posing as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees and gain access to various user accounts.

The phishing site used by the hacker relayed time-based one-time password (TOTP) two-factor authentication codes to the hacker in real time, allowing them to gain access to accounts protected by TOTP two-factor authentication. Accounts protected by hardware security keys were not vulnerable to this attack.
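Why the two factors differ, as an added example that is not part of the original article: a TOTP verifier sees only the digits, while a security key signs the origin the browser is actually on. The origins, secrets and challenge are constructed, and an HMAC stands in for the key's public-key signature so the sketch needs only the standard library.

```python
import hashlib, hmac, json, struct

REAL = "https://intranet.example.com"       # constructed: the genuine login origin
LOOKALIKE = "https://intranet.example.net"  # constructed: a clone on another origin

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def server_verify_totp(secret: bytes, submitted: str, now: int) -> bool:
    # The server sees only the digits; nothing records which site they were typed into.
    return any(hmac.compare_digest(totp(secret, now + d * 30), submitted) for d in (-1, 0, 1))

def key_sign(key: bytes, challenge: str, origin_seen: str) -> dict:
    """Security-key model: the browser reports the origin it is on, and that value is signed."""
    client_data = json.dumps({"challenge": challenge, "origin": origin_seen}, sort_keys=True)
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "sig": sig}

def server_verify_key(key: bytes, assertion: dict, challenge: str, expected_origin: str) -> bool:
    # Assumption: HMAC replaces the real public-key signature check.
    expected = hmac.new(key, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return False
    data = json.loads(assertion["client_data"])
    return data["challenge"] == challenge and data["origin"] == expected_origin

def demo() -> dict:
    secret, key = b"constructed-totp-seed", b"constructed-key-secret"
    now, challenge = 1_700_000_000, "constructed-challenge"
    code = totp(secret, now)  # the same six digits, whichever page the user types them into
    return {
        # Code forwarded to the real server 10 seconds later: still inside the window.
        "totp_forwarded": server_verify_totp(secret, code, now + 10),
        # Assertion produced while the browser was on the lookalike origin.
        "key_forwarded": server_verify_key(key, key_sign(key, challenge, LOOKALIKE), challenge, REAL),
        # Assertion produced on the genuine origin.
        "key_genuine": server_verify_key(key, key_sign(key, challenge, REAL), challenge, REAL),
    }

if __name__ == "__main__":
    print(demo())
```
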

Throughout the attack, the malicious actor was able to gain access to and download multiple private code repositories and use techniques to preserve their access to the account even in the event that the compromised user or organization changed their password.


Mailchimp targeted in phishing attack

On January 11 of this year, marketing automation company Mailchimp reported that it was the victim of a data breach related to a social engineering attack.

According to Mailchimp, the breach involved an “unauthorized actor accessing one of [the] tools used by Mailchimp customer-facing teams for customer support and account administration”.

Following this, the malicious actor launched social engineering attacks on Mailchimp employees and contractors used by the company. Through these attacks, the hacker was able to steal employee credentials and then used this login information to gain access to “select Mailchimp accounts”. Mailchimp reported that the attack was targeted and limited to 133 accounts.

In the wake of the attack, Mailchimp suspended access for those accounts compromised in the attack to protect users’ data, and notified the account owners of the suspicious activity. All those affected were notified by Mailchimp by January 12, and the company has been working with them to safely reinstate their accounts.
