Whoever the hacker was, tricked a Reddit employee into clicking a “sensible-sounding” prompt that took him to a “website that replicates our intranet portal behavior, in an attempt to steal information.” login and second factor token.” After hackers obtained user credentials, they used them to access “several internal documents, code, as well as internal control panels and corporate systems,” as the company puts it.
In a thread posted on the official r/reddit community on Thursday, a company representative explained that a phishing attack took place on the evening of February 5. Sunday night (Pacific Time), Reddit systems were hacked following a sophisticated and highly targeted phishing attack,” the statement read. “They have access to some internal documentation, code, and some internal business systems.”
In its statement, Reddit emphasized that it does not believe users are affected by digital intrusion. “Based on the early days of security, engineering, and data science (and friends!) investigations, we have no evidence that any of your non-public data has been accessed. or Reddit information has been published or distributed online,” the company said. Reddit took this opportunity to encourage Redditors to increase the security of their personal accounts. “Since we’re talking about safety and security, it’s a good time to remember how to protect your Reddit account… Learn how to enable 2FA in Reddit Help.”
As for minor data breaches, this isn’t Reddit’s first game. In fact, about 5 years ago, the platform posted an identically titled thread, announcing that it had been hacked in the same way. It’s good that Reddit is transparent and upfront with users about this incident, although “we don’t believe any of your data was stolen” has a nasty habit of being what one company said first. until a more serious violation is announced. That said, there’s no indication that’s the case here, you know, so far.