On Sunday evening, Reddit suffered a cyberattack on its systems after one of their employees fell for a phishing attack. This led the threat actor to access the company’s internal stuff – like the advertiser’s and employees’ data.
Reddit says the breach hasn’t affected the production platform – on which the site is running. Also, there was no sensitive information like payment data or login credentials of anyone were compromised.
Reddit Data Breach Incident
With over 400 million monthly active users, Reddit is a luring target for many threat actors to focus on. In this pursuit, someone had phished a Reddit employee to access and steal the internal data of the company!
As noted by Reddit, the company suffered a data breach incident on Sunday evening – after one of their employees fell in a phishing attack! The malicious page was crafted to look like a landing page impersonating its intranet site, says Reddit.
With the employee’s login credentials and two-factor authentication tokens stolen in that attack, those were used by the threat actor to access Reddit’s internal systems – which contained some documents, code, some internal dashboards, and business systems. But, the company notes no signs of effect on their platform.
“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
Upon investigation, Reddit found out that hackers have stolen the contact data of company contacts, like their current and former employees. Also, some data belonging to the company’s advertisers was also breached, says Reddit.
Although, the company assured that no credit card information, passwords, and ad performance were accessed in this incident. Though Reddit didn’t share more details about the phishing attack, they referenced it to be similar to the breach of Riot Games.
In the case of Riot Games, hackers stole the stolen source code for several games like League of Legends multiplayer online battle arena, the Teamfight Tactics auto battler game, and a legacy anti-cheat platform from Riot Games.