Online discussion website Reddit suffered a cyberattack allowing hackers to access internal business systems and steal internal documents and source code.

The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens.

Buy Me A Coffee

After one employee fell victim to the phishing attack, the threat actor was able to breach internal Reddit systems to steal data and source code.

“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explains.

Reddit in their security incident notice.

After investigating the incident, Reddit says the stolen data includes limited contact information for company contacts and current and former employees.

New York Times Source Code Stolen Using Exposed GitHub Token