On the evening of February 5, the hacker gained access to internal business systems Reddit and stole internal documents and source code.
Company states that the cybercriminator used a fischaring bait for the target sufferer with the target. The website of the internal network Reddit. On this site, the attacker tried to steal the accounting data of employees and tokens of two -factor authentication.
After one employee became a victim of a phishing attack, the hacker was able to penetrate the Reddit systems, which contained internal documents, various information panels and business systems. According to the company, the main production systems (which launch Reddit and store most of the company’s data) are not affected. Also, payment information, passwords and indicators of advertising efficiency remained safe.
The investigation of the incident showed that the stolen data include personal information “hundreds” of the company, advertisers, as well as the current and former employees. Reddit claims that stolen information was not published on the Internet.
Reddit learned about the hacking after the employee independently announced the incident for the company security team. It is worth noting that the touched employee was turned on
The categories of such evidence include:
- Knowledge is the information that the subject knows. For example, password, pin code, code, control word, etc.
- possession is a thing that the subject possesses. For example, an electronic or magnetic card, token, flash memory.
- The property that the subject has. For example, biometrics, natural unique differences: face, fingerprints, rainbow shell of the eyes, DNA sequence.