An Exploit on Reddit Shows MFA’s Limitations


The latest breach of a well-known company makes it increasingly obvious that attackers are finding ways to circumvent multifactor authentication.
On January 9, a threat actor targeted Reddit with a spearphishing email containing a link, and Reddit has informed its users that one employee was successfully convinced to click it. Investigators found that the linked website mimicked the behavior of Reddit's intranet gateway and attempted to steal credentials and second-factor tokens at the same time.
According to Reddit, compromising the employee’s credentials allowed the attacker to sift through Reddit’s systems for a few hours. During this time, they accessed internal documents, dashboards, and code that were stored on the system. 
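The technique described above, a lookalike gateway that collects the password and the one-time code together and relays them to the real login, works because a time-based OTP verifier has no notion of where the code was typed. The added example below (illustrative Python written for this page, not Reddit's code) contrasts that with a second factor that is bound to the origin it was used on, as FIDO2/WebAuthn authenticators are. The shared secret, the hostnames and the HMAC standing in for the authenticator's public-key signature are all constructed for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo secret; a real deployment keeps a per-user secret server-side.
SECRET = b"constructed-demo-secret-0123456789"
LEGIT_ORIGIN = "https://intranet.example.com"   # assumed legitimate gateway origin
LOOKALIKE_ORIGIN = "https://intranet-example.com"  # assumed phishing host, looks similar
TOTP_STEP = 30


def totp(secret: bytes, at: int, digits: int = 6) -> str:
    """RFC 6238 time-based OTP (HMAC-SHA1, dynamic truncation)."""
    counter = at // TOTP_STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % (10 ** digits):0{digits}d}"


def verify_totp(secret: bytes, code: str, at: int, window: int = 1) -> bool:
    """Accept the code for the current step and +/- `window` steps of clock skew."""
    for skew in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at + skew * TOTP_STEP), code):
            return True
    return False


def otp_gateway_login(password_ok: bool, code: str, at: int) -> bool:
    """What the real gateway sees in a relayed login: a valid password and a
    valid, unexpired code. Nothing in the exchange reveals that the code was
    typed into a lookalike page moments earlier, so the verifier accepts it."""
    return password_ok and verify_totp(SECRET, code, at)


def make_assertion(origin: str, challenge: str) -> dict:
    """Authenticator side of an origin-bound factor. Real WebAuthn signs over
    clientDataJSON, which carries the origin the browser was on; HMAC over
    origin|challenge is the simplified stand-in used here."""
    signed = f"{origin}|{challenge}".encode()
    return {
        "origin": origin,
        "challenge": challenge,
        "sig": hmac.new(SECRET, signed, hashlib.sha256).hexdigest(),
    }


def verify_origin_bound(expected_origin: str, assertion: dict) -> bool:
    """Verifier side: the origin is part of the signed data, so an assertion
    produced on the lookalike site fails even though its signature is valid."""
    if assertion["origin"] != expected_origin:
        return False
    signed = f"{assertion['origin']}|{assertion['challenge']}".encode()
    expected = hmac.new(SECRET, signed, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, assertion["sig"])


if __name__ == "__main__":
    now = 1_700_000_000  # fixed timestamp so the demo is deterministic
    relayed = totp(SECRET, now)
    print("OTP gateway accepts relayed code:", otp_gateway_login(True, relayed, now))
    phished = make_assertion(LOOKALIKE_ORIGIN, "challenge-1")
    print("Origin-bound verifier accepts phished assertion:",
          verify_origin_bound(LEGIT_ORIGIN, phished))
```

The first check prints True and the second False: the OTP server is doing its job correctly and still cannot tell a relayed code from a genuine one, which is the limitation the Reddit incident illustrates, whereas an origin-bound factor fails closed on the mismatched hostname.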
In a follow-up AMA video, Reddit CTO Chris Slowe (aka KeyserSosa) explained that while the company is still investigating, there is no evidence so far that the attacker accessed user data or production systems.
Slowe added that, because it is impossible to prove a negative, Reddit cannot state anything definitively at this point.

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
