A breach on Reddit gave hackers access to its internal business systems, where they were able to seize documents and source code.
According to the business, the hackers pretended to be its intranet site in order to ensnare Reddit employees with a phishing bait. This website attempted to steal the two-factor authentication tokens and employee login information.
The threat actor was able to infiltrate internal Reddit systems to take data and source code after one employee fell for the phishing scam.
Reddit reports that the stolen data includes limited contact information for business contacts as well as for current and former workers after looking into the matter.
The data also contained some information regarding the firm's advertisers, but no access was made to credit card numbers, passwords, or ad performance.
TPRM report: https://scoringcyber.rankiteo.com/company/reddit-com
"id": "red55725623",
"linkid": "reddit-com",
"type": "Breach",
"date": "02/2023",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Social Media',
'name': 'Reddit',
'type': 'Organization'}],
'attack_vector': 'Phishing',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'type_of_data_compromised': ['Limited contact information for '
'business contacts',
'Limited contact information for '
'current and former workers',
'Information regarding the '
"firm's advertisers"]},
'description': 'A breach on Reddit gave hackers access to its internal '
'business systems, where they were able to seize documents and '
'source code. The hackers pretended to be its intranet site in '
'order to ensnare Reddit employees with a phishing bait. This '
'website attempted to steal the two-factor authentication '
'tokens and employee login information. The threat actor was '
'able to infiltrate internal Reddit systems to take data and '
'source code after one employee fell for the phishing scam. '
'The stolen data includes limited contact information for '
'business contacts as well as for current and former workers. '
"The data also contained some information regarding the firm's "
'advertisers, but no access was made to credit card numbers, '
'passwords, or ad performance.',
'impact': {'data_compromised': ['Limited contact information for business '
'contacts',
'Limited contact information for current and '
'former workers',
"Information regarding the firm's "
'advertisers'],
'systems_affected': ['Internal business systems']},
'initial_access_broker': {'entry_point': 'Phishing'},
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Phishing attack resulting in the '
'compromise of employee login '
'information and two-factor '
'authentication tokens'},
'title': 'Reddit Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Social Engineering'}