11/11/2023

Reddit lastpass security

I've been a premium user for more than eight years now. I have multiple accounts, some of them free, but I don't use those quite as extensively as my primary personal premium account.

I can't speak to how it compares to competitors, since I chose LP quite a while back for one reason or another and have simply stuck with it (I should probably take some others for a test drive, now that I think of it), but LP works pretty well for me. It isn't perfect - auto-fill is hit-or-miss (mostly hit, but still), I'm sometimes asked to save new passwords when filling in forms where this isn't appropriate, I'm occasionally not asked to save a password when I should be (more serious, in my eyes, as it makes it easier to lose a freshly-generated password, especially when LP wants to clear passwords from your clipboard automatically at times), there are little UI oddities here and there.

I'll agree that price increases have not necessarily felt commensurate with service improvements. It's probably worth shopping around your options a bit, but a competent password manager, for me, whichever it is, is a must.

Popular social media site Reddit – “orange Usenet with ads”, as we’ve somewhat ungraciously heard it described – is the latest well-known web property to suffer a data breach in which its own source code was stolen.

In recent weeks, LastPass and GitHub have confessed to similar experiences, with cybercriminals apparently breaking and entering in much the same way: by figuring out a live access code or password for an individual staff member, and sneaking in under cover of that individual’s corporate identity.

In Reddit’s own words:

“Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems.”

We’re not sure quite how suitable the adjective “sophisticated” is here, not least because Reddit quickly goes on to state that:

“As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens. After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”

In other words, this attack almost certainly succeeded not because it was sophisticated, but because it wasn’t.

Someone, perhaps in a hurry, arrived at what they thought was the frontier, handed over their passport to a fellow-traveller instead of to an official border agent, and then found themselves trapped in nowhere-land without any ID while the imposter sailed through the border crossing in their name.

The single most important factor in an identity-hijacking attack of this sort is not sophistication but, as Reddit rightly pointed out above, plausibility, making it easy even for well-informed and cautious individuals to “coast through” based on habit and experience.

How far did the crooks get?

As already stated, some of Reddit’s own internal systems were accessed by the attackers.

In addition to the mostly-harmless-sounding “docs” and “code” listed above, Reddit has admitted that information about past and present employees and “contacts” (we’re assuming this includes, but is not limited to, contractors and other non-permanent staffers) was stolen, along with information about advertising customers.

Reddit hasn’t stated publicly what sort of data fields were included in the stolen information, merely that the breach was “limited”.

But the word limited might be a good sign (e.g. name and email address, and no other data), but could just as easily be a bad thing (e.g. “only” two data items: your social security number and a scan of your driving licence).

Signed-up users of the Reddit service, it seems – Redditors, as they are known – can stand down from Blue Alert, with Reddit saying that its investigation so far shows no indication that what it calls “non-public data” (in other words, stuff that you didn’t post for the world to see anyway) was accessed by the cybercriminals.

And, as mentioned earlier, the Reddit systems themselves – the operating systems, code and networks that run the Reddit services you interact with, whether as a user or a visitor – don’t seem to have been breached.

From this, we infer that the crooks are unlikely to have made off with data such as login records, system logs, location information or password hashes.

The company also stated, in its notification, that it is still investigating this incident (which happened on Sunday).