Reddit recently suffered a cyberattack. Hackers got access to internal business systems and managed to steal internal documents and source code. The company confirmed that hackers used a phishing attack to target Reddit employees. One of the employees fell victim to the phishing attack and hackers got credentials to access internal Reddit systems.
The employee self-reported the incident to Reddit’s security team. It allows the security team to cut off the infiltrators’ access quickly. After further investigation, it was found that hackers got access to some internal docs, and code, as well as some internal dashboards and business systems. The stolen data also includes limited contact information for company contacts and some details about the company’s advertisers.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” Reddit explains in their security incident notice.
There are no indications that hackers breached primary production systems. Reddit also confirmed that credit card information, passwords, and ad performance were not accessed.
Also see: Reddit keyboard shortcuts
Reddit has also reminded users to enable two-factor authentication (2FA) on their accounts for adding an extra paper of protection.
Chris Slowe, Reddit CTO, also hosted an AMA to answer people’s questions about this hack. He also confirmed that the employee responsible for this incident was not fired.
