
<a href="https://www.flickr.com/photos/29988733@N04/24552131381" rel="nofollow">Reddit AMA</a> by <a href="https://www.flickr.com/photos/29988733@N04" rel="nofollow">NASA Johnson</a> is licensed under <a href="https://creativecommons.org/licenses/by-nc/2.0/" rel="nofollow">CC-BY-NC 2.0</a>
One-sentence summary:
A Reddit employee succumbed to a spear phishing email; however, the attacker did not penetrate far into Reddit’s network and was quickly caught after the victim reported it.
Who was involved?
A single Reddit employee and an adversary.
What was the timeline?
Reddit initially responded on February 05, 2023. The incident was publicly reported on Reddit on February 09, 2023.
What occurred?
A spear phishing campaign targeting many Reddit employees succeeded against one employee, resulting in the compromise of a single user’s account. MFA was compromised as a part of the attack, and the adversary gained access to primarily internal assets, including “internal docs, code, as well as some internal dashboards and business systems” (KeyserSosa, 2023, para. 3). The attack was limited in scope and did not affect primary, externally facing (production) systems or, potentially, PII. Reddit users were specifically excluded from the breach.
Estimated costs:
Associated incident response costs.
Involved laws:
None specifically applicable at this time.
Root cause:
Social engineering.
Lessons learned:
User awareness training is critical in the modern enterprise to prevent successful phishing campaigns. Password managers may also tip users off to a potential phishing attempt by not prompting them to enter credentials (KeyserSosa, 2023).
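The password-manager point above rests on origin matching: a saved login is offered only where scheme, host and port match the site it was saved for, so a lookalike page gets no prompt. The sketch below is an added example, not code from Reddit's post or from any particular password manager; the hostnames are constructed and the function names are hypothetical.

```javascript
// Added example: exact-origin matching, the check behind "no autofill prompt".
// Hostnames are constructed; function names are hypothetical.
const vault = [{ origin: "https://sso.corp.example", username: "alice" }];

function parse(url) {
  try { return new URL(url); } catch { return null; }
}

// Entries that may be offered on pageUrl: scheme, host and port must all match.
function credentialsFor(pageUrl, entries = vault) {
  const page = parse(pageUrl);
  if (!page || page.protocol !== "https:") return [];
  return entries.filter((e) => new URL(e.origin).origin === page.origin);
}

// Why nothing was offered; a non-"match" result is the user's cue to stop.
function explain(pageUrl, entries = vault) {
  const page = parse(pageUrl);
  if (!page) return "invalid-url";
  if (credentialsFor(pageUrl, entries).length > 0) return "match";
  const saved = entries.map((e) => new URL(e.origin).hostname);
  if (saved.includes(page.hostname)) return "same-host-different-origin";
  // The saved hostname embedded inside another hostname is a common lookalike.
  if (saved.some((h) => page.hostname.includes(h))) return "lookalike-host";
  return "no-saved-login";
}

// Constructed sample URLs: the real site, two lookalikes, and a cleartext variant.
for (const url of [
  "https://sso.corp.example/login?next=/",
  "https://sso.corp.example.login.test/login",
  "https://sso-corp.example/login",
  "http://sso.corp.example/login",
]) {
  console.log(explain(url).padEnd(28), url);
}
```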
Sources:
KeyserSosa. (2023, February 9). We had a security incident. Here’s what we know. Reddit. Retrieved February 13, 2023, from https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/