An administrator for the website said that a Reddit employee’s credentials were taken in a targeted phishing assault, and hackers were able to penetrate its servers on February 5th. Reportedly, Reddit employees had been receiving “plausible-sounding prompts,” that led to a website that looked and behaved like its intranet gateway, with the intention of stealing people’s logins and second-factor tokens. Although one employee was duped, they promptly self-reported. As a result, the website’s security team was able to respond promptly and cut off the infiltrators’ access.
According to a Reddit representative, the malicious actors gained access to “internal docs, code, as well as some internal dashboards and business systems.” Hundreds of firm contracts, current and past workers, and some marketers’ contact information were also disclosed. They did, however, reassure users that the security team investigating the situation had discovered no indication that their passwords or non-public data had been hacked. At this stage in the inquiry, the team also found no evidence that the material obtained from Reddit was spread online.
According to a spokeswoman for Reddit, the company is “continuing to investigate and monitor the situation closely.” They also stated that the lessons they gained from a security compromise five years ago are still applicable. If the attackers were only able to acquire some non-user information this time, the 2018 hack would have been far more damaging. Bad actors were able to obtain users’ current email addresses, as well as a database backup from 2007 including account passwords, at the time.
