Image default

Reddit Suffers Security Breach Exposing Internal Documents and Source Code

Feb 10, 2023Ravie LakshmananData Breach / Source Code


Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems.

The company blamed it on a “sophisticated and highly-targeted phishing attack” that took place on February 5, 2023, aimed at its employees.

The attack entailed sending out “plausible-sounding prompts” that redirected to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication (2FA) tokens.

A single employee’s credentials is said to have been phished in this manner, enabling the threat actor to access Reddit’s internal systems. The affected employee self-reported the hack, it further added.

The company, however, stressed that there is no evidence to suggest that its production systems were breached or that users’ non-public data had been compromised. There is no indication that the accessed information has been published or distributed online.

“Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information,” Reddit said.

It further noted “similar phishing attacks have been recently reported” without taking any specific names. It did not disclose what source code was accessed following the security lapse.

The development is yet another indication as to how threat actors are increasingly finding ways to defeat 2FA by setting up lookalike pages that are capable of pulling off adversary-in-the-middle (AitM) attacks.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Related posts

GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry

James Horns

LastPass Hack: Engineer’s Failure to Update Plex Software Led to Massive Data Breach

James Horns

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions

James Horns

Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities

James Horns

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

James Horns

New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software

James Horns

Leave a Comment