The sign isn’t there to protect old-timers from nervous new road users who might find a big junction or roundabout complicated. The risk posed by habitual behaviour is why official British road signage includes a bright red rectangle containing the words NEW ROAD LAYOUT AHEAD that’s used when a busy piece of road gets reorganised. The single most important factor in an identity-hijacking attack of this sort is not sophistication but, as Reddit rightly pointed out above, plausibility, making it easy even for well-informed and cautious individuals to “coast through” based on habit and experience.
Someone, perhaps in a hurry, arrived at what they thought was the frontier, handed over their passport to a fellow-traveller instead of to an official border agent, and then found themselves trapped in nowhere-land without any ID while the imposter sailed through the border crossing in their name. In other words, this attack almost certainly succeeded not because it was sophisticated, but because it wasn’t. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data). We’re not sure quite how suitable the adjective “sophisticated” is here, not least because Reddit quickly goes on to state that:Īs in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.Īfter successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. They gained access to some internal documents, code, and some internal business systems.
Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack.
Lastpass breach reddit code#
In recent weeks, LastPass and GitHub have confessed to similar experiences, with cyercriminals apparently breaking and entering in much the same way: by figuring out a live access code or password for an individual staff member, and sneaking in under cover of that individual’s corporate identity.
Popular social media site Reddit – “orange Usenet with ads”, as we’ve somewhat ungraciously heard it described – is the latest well-known web property to suffer a data breach in which its own source code was stolen.
0 kommentar(er)
