Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code.
The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens.
After one employee fell victim to the phishing attack, the threat actor was able to breach internal Reddit systems to steal data and source code.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explains Reddit in their security incident notice.
“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
Reddit says they learned of the breach after the employee self-reported the incident to the company’s security team.
After investigating the incident, Reddit says the stolen data includes limited contact information for company contacts and current and former employees.
The data also included some details about the company’s advertisers, but credit card information, passwords, and ad performance data were not accessed.
Reddit also says that there are no indications that the threat actors were able to breach production systems used to run the website.
While Reddit has not shared any details regarding the phishing attack, they referenced a similar attack used to breach Riot Games.
In that attack, threat actors breached Riot Games and stole source code for the League of Legends (LoL) multiplayer online battle arena game, the Teamfight Tactics (TFT) auto battler game, and a legacy anti-cheat platform.
The game company later received, and refused, a $10 million ransom demand in exchange for the data not being leaked. The hacker later attempted to auction the League of Legends source code for $10 million on a hacker forum.
Protergo has contacted Reddit with further questions, but a reply was not immediately available.