Sunday night, Reddit was the target of a cyberattack that gave hackers access to its internal business systems & allowed them to acquire confidential information & source code.
According to Reddit, the hackers pretended to be its intranet site in order to ensnare Reddit employees with a phishing bait. They attempted to steal the two-factor authentication tokens & employee login information.
The threat actor was able to infiltrate internal Reddit systems to take data & source code after one employee fell for the phishing scam.
Reddit reports that the stolen data includes limited contact information for business contacts as well as for current & former workers after looking into the matter. The data also contained some information regarding the firm’s advertisers, but no access was made to credit card numbers, passwords, or ad performance.