February 13, 2023

Hackers stole source code and internal data belonging to Reddit. The stolen information includes contact information for company contacts as well as current and former employees. The information also included some information about the company’s advertisers, but no credit card information, passwords, or ad performance were accessed.

According to the company, the hackers used a phishing lure that impersonated its intranet site to target Reddit employees. This website attempted to steal the credentials and two-factor authentication tokens of employees. The threat actor was able to breach internal Reddit systems and steal data and source code after one employee eventually fell victim.

“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explains Reddit in their security incident notice.

The hackers gained access to Reddit’s systems by taking advantage of a flaw in the platform’s two-factor authentication system. They were able to steal source code, user data, and internal data as a result. Reddit has since patched the flaw and is cooperating with law enforcement to investigate the breach.

In response to the breach, Reddit claims that there are no indications that the threat actors were able to breach the production systems used to run the website and that the breach was discovered after an employee self-reported it to the company’s security team. Users are also receiving regular updates and security briefings from the company to keep them informed of the breach and the steps being taken to protect their data.

The sources for this piece include an article in BleepingComputer.