The company Reddit, which owns the social platform of the same name, was subjected to a hacking attack last Sunday that gave attackers access to internal business systems as well as documents and source code.
How reported the systems of the platform were then hacked on the Reddit website “a sophisticated and targeted phishing attack.” The hackers set up a website pretending to be an internal Reddit portal for company employees to steal employee credentials and two-factor authentication tokens.
“After successfully obtaining an employee’s credentials, the attacker gained access to some internal documents, code, and some internal dashboards and business systems.” Reddit explained and added that there were no signs of hacking into the main production systems (the parts of the stack that run Reddit and store most of the data).
Reddit reported that the injured employee himself reported the incident to the company’s security team. The investigation revealed that the hackers managed to steal limited information about the company’s contacts and current and former employees (about 100 accounts). In addition, the attackers gained access to some information about the company’s advertisers.
The company found that users’ credit card and password information was unaffected. However, forum members are encouraged to perform two-factor authentication to provide an extra layer of security when accessing their Reddit account.