as we all know, humans are often the weakest part of the security chain.”
Those are the words of Reddit CTO Christopher Slowe, who was quick to play the blame game in a post announcing that Reddit experienced a breach of internal data last week. He explained that the platform was compromised after an attacker sent “plausible-sounding prompts” to employees that redirected them to a website impersonating Reddit’s intranet portal in an attempt to steal credentials. Reddit said users’ data was safe.
Hackers successfully obtained an employee’s credentials, Slowe said, before calling out said employee — who decisively self-reported the incident to Reddit’s security team — as the “weakest link” in the company’s security defenses. (Ironically, Slowe went on to advise users to “update your password every couple of months,” a practice that is no longer recommended by most cybersecurity experts.)
Reddit isn’t alone in pointing the finger following a breach, and many organizations have defaulted to a blame culture when it comes to data security.
Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes, has been hit by a ransomware attack that forced several European and U.S. banks to revert to manual processes. The cyberattack, which TechCrunch learned about on Tuesday, affected Ion’s Cleared Derivatives division, which provides software for automating the trading lifecycle and the […]
Okta has confirmed that it’s responding to another major security incident after a hacker accessed its source code following a breach of its GitHub repositories. The identity and authentication giant said in a statement on Wednesday that it was informed by GitHub about “suspicious access” to its code repositories earlier this month. Okta has since […]
U.S. officials say they have seized dozens of domains linked to some of the world’s leading distributed-denial-of-service-for-hire websites. But TechCrunch found that several of the seized sites are still online. In a press release on Wednesday, the U.S. Department of Justice announced the takedown of 48 domains associated with some of the world’s most popular […]