{"id":600458,"date":"2023-02-10T05:00:25","date_gmt":"2023-02-10T07:00:25","guid":{"rendered":"https:\/\/teknomers.com\/fr\/reddit-souffre-dune-faille-de-securite-exposant-des-documents-internes-et-le-code-source\/"},"modified":"2023-02-10T05:00:26","modified_gmt":"2023-02-10T07:00:26","slug":"reddit-souffre-dune-faille-de-securite-exposant-des-documents-internes-et-le-code-source","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/reddit-souffre-dune-faille-de-securite-exposant-des-documents-internes-et-le-code-source\/","title":{"rendered":"Reddit souffre d&#8217;une faille de s\u00e9curit\u00e9 exposant des documents internes et le code source"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">10 f\u00e9vrier 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Violation de donn\u00e9es\/code source<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>La plate-forme populaire d&#8217;agr\u00e9gation de nouvelles sociales Reddit a r\u00e9v\u00e9l\u00e9 qu&#8217;elle avait \u00e9t\u00e9 victime d&#8217;un incident de s\u00e9curit\u00e9 qui a permis \u00e0 des acteurs de la menace non identifi\u00e9s d&#8217;obtenir un acc\u00e8s non autoris\u00e9 \u00e0 des documents internes, \u00e0 du code et \u00e0 certains syst\u00e8mes commerciaux non sp\u00e9cifi\u00e9s.<\/p>\n<p>L&#8217;entreprise l&#8217;a imput\u00e9e \u00e0 une &#8220;attaque de phishing sophistiqu\u00e9e et tr\u00e8s cibl\u00e9e&#8221; qui a eu lieu le 5 f\u00e9vrier 2023, visant ses employ\u00e9s.<\/p>\n<p>L&#8217;attaque impliquait l&#8217;envoi d'&#8221;invites \u00e0 consonance plausible&#8221; redirig\u00e9es vers un site Web se faisant passer pour le portail intranet de Reddit dans le but de voler des informations d&#8217;identification et des jetons d&#8217;authentification \u00e0 deux facteurs (2FA).<\/p>\n<p>Les informations d&#8217;identification d&#8217;un seul employ\u00e9 auraient \u00e9t\u00e9 hame\u00e7onn\u00e9es de cette mani\u00e8re, permettant \u00e0 l&#8217;auteur de la menace d&#8217;acc\u00e9der aux syst\u00e8mes internes de Reddit.  L&#8217;employ\u00e9 concern\u00e9 a lui-m\u00eame signal\u00e9 le piratage, a-t-il ajout\u00e9.<\/p>\n<p>La soci\u00e9t\u00e9 a toutefois soulign\u00e9 qu&#8217;il n&#8217;y avait aucune preuve sugg\u00e9rant que ses syst\u00e8mes de production ont \u00e9t\u00e9 viol\u00e9s ou que les donn\u00e9es non publiques des utilisateurs ont \u00e9t\u00e9 compromises.  Rien n&#8217;indique que les informations consult\u00e9es aient \u00e9t\u00e9 publi\u00e9es ou diffus\u00e9es en ligne.<\/p>\n<p>&#8220;L&#8217;exposition comprenait des informations de contact limit\u00e9es pour (actuellement des centaines) de contacts et d&#8217;employ\u00e9s de l&#8217;entreprise (actuels et anciens), ainsi que des informations limit\u00e9es sur les annonceurs&#8221;, Reddit <a rel=\"nofollow noopener\" href=\"https:\/\/www.reddit.com\/r\/reddit\/comments\/10y427y\/we_had_a_security_incident_heres_what_we_know\/\" target=\"_blank\">a dit<\/a>.<\/p>\n<p>Il a en outre not\u00e9 que &#8220;des attaques de phishing similaires ont \u00e9t\u00e9 r\u00e9cemment signal\u00e9es&#8221; sans prendre de noms sp\u00e9cifiques.  Il n&#8217;a pas r\u00e9v\u00e9l\u00e9 quel code source avait \u00e9t\u00e9 consult\u00e9 apr\u00e8s la faille de s\u00e9curit\u00e9.<\/p>\n<p>Le d\u00e9veloppement est une autre indication de la fa\u00e7on dont les acteurs de la menace trouvent de plus en plus de moyens de vaincre 2FA en cr\u00e9ant des pages similaires capables de d\u00e9clencher des attaques de l&#8217;adversaire au milieu (AitM).<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/02\/reddit-suffers-security-breach-exposing.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80210 f\u00e9vrier 2023\ue804Ravie LakshmananViolation de donn\u00e9es\/code source La plate-forme populaire d&#8217;agr\u00e9gation de nouvelles sociales Reddit a r\u00e9v\u00e9l\u00e9 qu&#8217;elle avait \u00e9t\u00e9 victime d&#8217;un incident de s\u00e9curit\u00e9 qui a permis \u00e0 des acteurs de la menace non identifi\u00e9s d&#8217;obtenir un acc\u00e8s non autoris\u00e9 \u00e0 des documents internes, \u00e0 du code et \u00e0 certains syst\u00e8mes commerciaux non sp\u00e9cifi\u00e9s. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":600459,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[5597,4168,4158,4165,4161,133,13799,1326,114498,9048,13044,4157,4159,4171,4170,4167,4160,4163,4162,41957,1835,4172,4169,8342,11137,4166,4164],"class_list":["post-600458","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-code","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-documents","tag-dune","tag-exposant","tag-faille","tag-internes","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-reddit","tag-securite","tag-securite-informatique","tag-securite-internet","tag-souffre","tag-source","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/600458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=600458"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/600458\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/600459"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=600458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=600458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=600458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}