In a section for “What information was involved?” the company wrote: All Reddit data from 2007 and before including account credentials and email address, and email digests sent by Reddit in June 2018. Reddit also stated that the attacker was not able to alter the company’s information, and that it has “taken steps since the event to further lock down and rotate all production secrets and API keys, and to enhance our logging and monitoring systems.” We point this out to encourage everyone here to move to token-based 2FA.” It reads: “Already having our primary access points for code and infrastructure behind strong authentication requiring two factor authentication (2FA), we learned that SMS-based authentication is not nearly as secure as we would hope, and the main attack was via SMS intercept. See Related: Incident Of The Week: Cosco Shipping Faces Ransomware Attack
It said an attacker compromised employee accounts with its cloud and source code hosting providers.
The statement reads that Reddit learned of the attack – which took place between June 14- 18 – just a day later, June 19. In an announcement on its site, the company noted that the attacker did not gain write access to Reddit systems, instead capturing read-only access to systems with backup data, source code and other logs. In this edition of “Incident of the Week,” we examine a cyber-attack that hit popular news aggregator and discussion site, Reddit.Ī hacker reportedly broke into a few of the company’s systems, lifting email addresses and a 2007 database holding old salted and hashed passwords. Cyber Security Hub coverage extends outwards – as it helps enterprises batten down their proverbial hatches. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional.
In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.Ĭombing through data, market research and threat-defense efforts taken by enterprises can be a daunting task.
0 kommentar(er)
