Identity & Access Management , Incident & Breach Response , Security Operations
Reddit Data Breach Leaks Code, Internal DataBreach Phished Employee Credentials
Reddit says hackers penetrated its internal systems via a phishing attack but that user passwords and accounts appear safe.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
The self-proclaimed "front page of the internet" says hackers gained access to its internal documents, code and some internal business systems.
The attack campaign uncovered on Sunday targeted Reddit employees. Attackers sent "plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens" the company said.
"After successfully obtaining a single employee's credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems."
Reddit says it is continuing to investigate and monitor the situation closely and working with its employees to fortify their security skills.
"Based on several days of the initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit's information has been published or distributed online."
The hackers did obtain some contact information for company contacts and current and former employees "as well as limited advertiser information."
A spokesperson for Reddit was not immediately available to comment.