Reddit, a popular social media news site, revealed that it was hacked Sunday night. In a post on February 9, Reddit announced that they had first become aware of the incident on February 5. It calls it "sophisticated Phishing" and targets Reddit employees.
The CEO stated that the unidentified individuals accessed internal documents and dashboards, business systems, codes, and business systems. The company also stated that they don't have evidence of any security breaches in the platforms that store their data. Although they acknowledge that their advertisers' data was stolen, they insist that credit card and password information were not compromised.
Reddit Response and What Happened?
It is not clear what the impact of this incident was. Reddit says that the incident is being investigated. According to the firm, the attackers gained access the company's data through a targeted phishing attack.
An attacker sent emails to employees that sounded plausible, which redirected them towards a website that claimed to be the intranet portal of the company. This was done to try to steal two-factor authentication information.
They were able to steal the credentials of one employee, which was either good or bad. This allowed the attacker to gain access to the internal systems at. Reddit security teams were alerted by the employee who reported the incident. They acted immediately. They removed the attackers from their access and began an immediate investigation.
According to the firm, there was only limited contact with former and current employees. Advertiser information was also exposed. The firm insists that the attacker did not access any personal data or non-public information. Only some internal documents, codes, and business systems were accessed by the attacker. The firm claims that even the stolen information was not published or distributed online.
Reddit Recommendation for Users
Reddit does not believe that businesses or personal users were affected. However, it encourages individuals to take precautions to ensure their data is safe. Management recommended that users set up two-factor authentication, on their accounts. This provides additional protection, even if someone knows your password.
Reddit suggests that passwords be updated monthly. Security professionals strongly discourage this. To create strong, hard-to-guess passwords or passphrases, a password manager is a better choice.
However, investigations continue into the extent of the damage. It is a good idea to change your Reddit password even if it has not been compromised in this incident. These cyberattacks have shown us that Reddit only detects incidents days, if not months later than the original attack. It is safer to be safe than sorry.
Reddit has been the victim of numerous cyberattacks. The firm started a thread about five years ago in which they shared similar information, revealing that they were hacked in a similar manner. Good news is that they have always been open and transparent about such incidents. Unfortunately, their response was "We don't believe any of your personal information has been hacked", before they announced a major breach. However, it is not clear if users or businesses were affected.
Schools in Massachusetts, Arizona and New York are the most recent victims of cyberattacks
Within hours of each another, cyberattacks hit two schools in Nantucket and MA, Tucson, AZ and New York during the week ending January 31st. These attacks appear to be unrelated.
The hackers were responsible for the attack on Tucson Unified District mentioned low spending on crucial cyber services as a reason for infecting their systems. The attackers allegedly wrote a note that stated, "If this is what you are reading it means your system(s), were hit by Royal." It is most likely that you wanted to save money on your security.
Royal ransomware infects computers and copies data. Then it threatens to publish the information online. In exchange for the release of stolen data, hackers using human-operated ransomware demand a modest royalty. Tucson was working with the FBI to investigate its cyberattack, but another school district was also affected.
Ransomware infected four schools in Nantucket MA. It sent 1,700 students home half way through each school day. Students and staff were warned by the school district not to use tablets, laptops or any other school-issued tech devices in the event of ransomware activity.
Cyberattacks on Schools are on the Rise
Nantucket Public Schools was the fifth school to report a data breach in January 2023.
Cyberattacks on schools are a result of the increase in online education. Schools were forced to close due to the pandemic. While many schools no longer operate online, they still provide computers and tablets for students to access online libraries and complete assignments. Most schools lack the budget to hire IT professionals and enforce basic security measures like strong passwords.
Hackers love devices and systems that have low levels of cyber security. Ransomware attackers can take hostage school systems, which contain a lot of personal data and internal documentation. Ransomware attackers may demand ransomware to be satisfied. If they don't, the operators will release all collected information. This includes everything from phone numbers and social security numbers.
Cyber security experts are looking for ways to fix cyberattacks on schools while not exceeding the school's IT budget. Ransomware attacks could cause school districts, such as Nantucket Public Schools to be shut down completely. Data breaches were experienced by schools even before the outbreak. In 2018, a performance audit revealed that Tucson's school district was not secure online. These were just a few of the issues that were mentioned:
- Weak password requirements
- Former employees still have access to the school system
- Lack of planning for equipment malfunctions or system failures
These issues, along with low budgets, make defending schools against ransomware attacks such as Royal difficult.
Stay alert and prepared for cyberattacks
These recent cyberattacks targeted schools but everyone, from business owners to citizens, should consider their cyber security. Computers and servers can be protected by installing antivirus software, strong passwords, as well as ensuring that no one has access to your system from the past. Cyber security training and good tactics can lower your chance of being the next victim of a cyber attack.
Integrated Technology Systems is here to assist you with a cybersecurity audit and a plan of attack. Regardless of the size of your business, non-profit or government agency, we can help. Give us a call today.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com
Read more helpful information on our Facebook page.
