Reddit recommends users set up 2FA following confirmed data breach

What just happened? Reddit CTO Christopher Slowe has issued a post detailing a data breach targeting the network's systems. The attackers successfully accessed Reddit's business documents and data but failed to access any primary production systems. The post details the nature of the February 5th attack, summarizes Reddit's response to the intrusion, and provides users with steps to set up two-factor authentication measures.

Slowe, also known as Keysersosa within the Reddit community, posted news of the breach to the r/Reddit subreddit on Thursday afternoon. According to Slowe's post, the company was targeted by a sophisticated phishing attack, which led to unauthorized user access to some of Reddit's systems and data. "Based on our investigation so far, Reddit user passwords and accounts are safe," Slowe added.

The malicious payload was delivered on February 5th in the form of a convincing phishing message directing unsuspecting users to a fake intranet gateway designed to harvest user credentials. A single employee was fooled by the message, later realizing his mistake and reporting the incident to Reddit's security team. The security team managed to stem the breach and ensure no critical systems were accessed, damaged, infected, etc.

Despite the intrusion, Slowe remains adamant that Reddit user accounts and passwords are safe and unaffected. According to the post, the data exposed in the breach was limited to company business contacts, personal contacts, and advertising information. Reddit's security teams found no evidence to indicate that user information was accessed, published, or distributed.

He went on to recommend users enable two-factor authentication (2FA) in order to protect their accounts from future attacks. Additional recommendations were also provided, such as periodically changing any access passwords and using a password manager to help users identify domains that may not match.

Slowe ended the post by offering Redditors several hours of "ask me anything" (AMA) time. The well-received session helped to put some of Reddit's 50 million daily users at ease while providing full transparency surrounding the incident and Reddit's subsequent response.

The incident helps to stress the importance of good cyber-hygiene, training, and awareness within any organization. Data security and intrusion methods have, and will continue to, evolve as technology gets better, faster, and more available. Despite these advances, there will always be a weak link in the security chain that leaves systems and data vulnerable to bad actors. Most times that link can be found between the keyboard and chair.