Reddit had a security incident last Sunday afternoon that allowed hackers to gain access to some sensitive data on the platform.
According to Reddit, the attack was carried out through a "sophisticated phishing campaign" where hackers created a fake but well-crafted website page on its intranet. This particular page was used to steal employee login credentials and two-factor authentication codes.
An employee eventually fell for the phishing trap, which allowed the hackers to penetrate internal Reddit documents and some internal dashboards and business systems. However, the company claims there was no evidence that the primary production systems were compromised.
Reddit reports that the employee who fell for the phishing trap self-reported the issue to the company's security team. The team responded by immediately removing the attacker's access and launching an internal investigation.
"The data exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information," Reddit said in its post.
"Based on the initial investigation by the security team and friends, we have no evidence to suggest that any of your non-public data has been accessed or that Reddit information has been published or distributed online."