Reddit employees’ credentials were stolen during a targeted phishing attempt. An administrator of the website has disclosed that hackers were able to infiltrate its systems on February 5th. Reddit employees were receiving “plausible-sounding prompts,” which led to a website that mimicked the behavior and looks of its intranet gateway. This was used to steal logins and second-factor tokens. Although one employee fell for the scheme, they self-reported it. This allowed the security team at the website to respond quickly and block the infiltrators from accessing the site.
Reddit spokesperson stated that bad actors had access to some website’s “internal documents, code, as well as some internal dashboards, and business systems.” The hackers were able to access contact information for hundreds upon hundreds of companies, including current and former employees as well as advertisers. However, they assured users that no evidence was found by the security team that passwords or other non-public data were compromised. The investigation team found no evidence that the Reddit information was distributed online.
Reddit spokesperson stated that the site is “continuing investigation and monitoring the situation closely.” Reddit’s spokesperson also stated that the site is “continuing to investigate and monitor the situation closely.” Even though the attackers could only steal non-user information, the 2018 breach was much more serious. Bad actors had access to users’ email addresses and a backup database from 2007, which contained passwords.