A breach on Reddit gave hackers access to its internal business systems, where they were able to seize documents and source code.
According to the business, the hackers pretended to be its intranet site in order to ensnare Reddit employees with a phishing bait. This website attempted to steal the two-factor authentication tokens and employee login information.
The threat actor was able to infiltrate internal Reddit systems to take data and source code after one employee fell for the phishing scam.
Reddit reports that the stolen data includes limited contact information for business contacts as well as for current and former workers after looking into the matter.
The data also contained some information regarding the firm's advertisers, but no access was made to credit card numbers, passwords, or ad performance.
"id": "RED55725623",
"linkid": "reddit-com",
"type": "Breach",
"date": "02/2023",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"