Reddit had a security incident last Sunday evening that allowed hackers to obtain access to some of its sensitive data platforms.
According to Reddit, the attack was carried out through a “sophisticated phishing campaign” where hackers created a fake but well-crafted page of its website on intranet. This particular page was used to steal employee login credentials and two-factor authentication codes.
An employee eventually fell for the phishing trap, which allowed the hackers to penetrate internal Reddit documents and some internal dashboards and business systems. However, the company claims there was no evidence that the primary production systems were compromised.
Reddit reports that the employee who fell for the phishing trap self-reported the issue to the company's security team. The team responded by immediately removing the attacker's access and launching an internal investigation.
“The data report included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited information advertisers," Reddit said in its post.
"Based on the initial investigation by the security team and friends, we have no evidence to suggest that any of your non-public data has been accessed or that Reddit information has been published or distributed online."