Reddit Gets Hacked After Employee Falls Victim To “Phishing Attack”

The ongoing incident investigation has found no evidence that user passwords or accounts were accessed, Reddit said.

Reddit, the social news and discussion site, on Thursday confirmed that a security breach affected its systems on February 5. In a security incident posting on its site, Reddit disclosed that it was the victim of a “sophisticated and highly-targeted phishing attack”. It said that the attack targeted its employees and deceived them into visiting a clone of the website’s intranet gateway and getting them to input their credentials. 

“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” Reddit wrote in its post.

“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data),” it added. 

Further, the company also stated that user accounts and credentials were safe. Reddit said that an investigation into the incident has concluded that limited contact information for current and former employees, as well as some advertiser information, was exposed. 

“We have no evidence to suggest that any of your non-public data has been accessed or that Reddit’s information has been published or distributed online,” it added.

Nonetheless, Reddit recommended that users take the important and simple measure of setting up two-factor authentication on their accounts if they haven’t done it already. “And if you want to take it a step further, it’s always a good idea to update your password every couple of months – just make sure it’s strong and unique for greater protection,” Reddit wrote in its post. 

“We’re continuing to investigate and monitor the situation closely and working with our employees to fortify our security skills. As we all know, humans are often the weakest part of the security chain,” the company added.