A Reddit employee’s credentials were stolen in a targeted phishing attack, an administrator for the website has revealed, and hackers were able to infiltrate its systems on February 5th. Apparently, Reddit employees had been receiving “plausible-sounding prompts,” which lead to a website that mimic the looks and behavior of its intranet gateway, designed as such to steal people’s logins and second-factor tokens. While one employee did fall for the scheme, they immediately self-reported. That allowed the website’s security team to respond quickly and to cut off the infiltrators’ access.
The Reddit spokesperson said the bad actors were able to access some of the website’s “internal docs, code, as well as some internal dashboards and business systems.” Contact information for hundreds of company contracts, current and former employees, as well as some advertisers were also exposed. They assured users, however, that the security team investigating the incident has found no evidence that their passwords or any of their non-public data have been compromised. The team also didn’t find evidence that the information stolen from Reddit has been distributed online — at least, at this point in the investigation.
Reddit’s spokesperson said the website is “continuing to investigate and monitor the situation closely.” They also said that lessons they learned from a security breach five years ago continue to be useful. If the attackers were only truly able to steal some non-user information this time, the 2018 breach was a much more serious incident. Back then, bad actors were able to grab users’ current email addresses, as well as a database backup from 2007 that contained account passwords.