Identity & Access Management , Incident & Breach Response , Security Operations

Reddit Data Breach Leaks Code, Internal Data

Breach Phished Employee Credentials
Reddit Data Breach Leaks Code, Internal Data
Image: Shutterstock

Reddit says hackers penetrated its internal systems via a phishing attack but that user passwords and accounts appear safe.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

The self-proclaimed "front page of the internet" says hackers gained access to its internal documents, code and some internal business systems.

The attack campaign uncovered on Sunday targeted Reddit employees. Attackers sent "plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens" the company said.

"After successfully obtaining a single employee's credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems."

Reddit says it is continuing to investigate and monitor the situation closely and working with its employees to fortify their security skills.

"Based on several days of the initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit's information has been published or distributed online."

The hackers did obtain some contact information for company contacts and current and former employees "as well as limited advertiser information."

A spokesperson for Reddit was not immediately available to comment.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.