opfut.blogg.se

You’ll need to make use of an app to generate the six-digit code required to log in alongside your password. Its app-based 2FA can't protect you from phishing, but it will stop all kinds of assaults on your passwords. Still, any form of 2FA is better than none, so we encourage you to set up 2FA on Reddit. The right kind of 2FA-2FA that relies on hardware keys or FIDO2 devices-could have prevented its own employee from being phished.

Ironically, the one piece of advice that Reddit offers it users is to set up two-factor authentication (2FA) to protect their accounts. Reddit deserves praise for reporting what happened so clearly: Clear messaging, no evasion, and a clear indication of what users should take into consideration. It also says there are no signs the breach affected "the parts of our stack that run Reddit and store the majority of our data" or "any of your non-public data." As a result, there is no need to alter your login details. The employee's credentials were reportedly used to gain access to "some internal docs, code, as well as some internal dashboards and business systems", which exposed "limited contact information" for company contacts and employees, and information about advertizers.Īccording to Reddit, your passwords are safe. It says its "security team responded quickly, removing the infiltrator’s access and commencing an internal investigation." One of its employees fell for the phish, and then self-reported, alerting Reddit to what had happened. What happened?Īccording to Reddit, it "became aware of a sophisticated phishing campaign" late on February 5, 2023, that attempted to steal credentials and two-factor authentication tokens. On Thursday, February 9, 2023, Reddit reported that it had experienced a security incident as a result of an employee being phished.