Hackers successfully hijacked one of the employees and managed to gain access to the company’s internal business systems, stealing internal documents and source code.

what is known

Reddit representatives say the attackers used a phishing site that impersonated one of the company’s internal resources. Employees were drawn there and they finally succeeded. They stole account details – login and password – and a two-factor authentication token.

After successfully obtaining the credentials of one of the employees, the attackers gained access to some internal documents, code, and a number of internal dashboards and business systems. We haven’t seen any signs of breaches in our core production systems (the parts of our stack that run Reddit and store most of our data).
– said in the statement.

Reddit reported that the breach became known after an employee independently figured out what had happened and reported the incident to the company’s security service.

• It was also present among the stolen data, as the investigation showed. company contact information and contact details of some current and former employees.
• In addition, the stolen data contains information about advertisershowever, debit card information, passwords, and ad performance metrics were not disclosed.

While Reddit has yet to release any details about the phishing attack, it does say this: passwords and user accounts are safe.