- Hackers have targeted Reddit and used phishing scams to get access to its internal data, including contact details for business relationships.
- The attacker sent out believable-sounding instructions leading staff members to a website that mirrored the behavior of Reddit’s intranet gateway in an effort to get passwords and second-factor tokens.
- Contact details for company contacts, current and former employees, and information about advertisers were exposed.
Reddit is a social news and discussion website. The site consists of thousands of subcommunities, known as “subreddits”. Reddit is also an extremely popular platform for AMAs (Ask Me Anything) sessions with celebrities, politicians, and other public figures.
On the 5th of February, a complex and highly targeted phishing attack compromised Reddit systems. They obtained access to internal documents, code, and business systems. Reddit says that no accounts and passwords were affected. In an attempt to acquire passwords and second-factor tokens, the attacker sent out plausible-sounding instructions directing employees to a website that mimicked the behavior of Reddit’s intranet gateway.
What happened?
After a single employee fell for the phishing attack, the hacker obtained access to some internal docs, code, and internal dashboards and business systems. Exposure included contact information for firm contacts, current and former workers, and advertiser information. Reddit has conducted a thorough preliminary investigation over several days and discovered no indication that any of the customers’ private information has been accessed or that Reddit’s data has been posted online.
The impacted employee immediately reported that they had been phished, and the security team immediately blocked the intruder’s access and started an internal inquiry. Reddit reports that it is continuing its investigation.