Online discussion website Reddit suffered a cyberattack allowing hackers to access internal business systems and steal internal documents and source code.
The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens.
After one employee fell victim to the phishing attack, the threat actor was able to breach internal Reddit systems to steal data and source code.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explains.
Reddit in their security incident notice.
After investigating the incident, Reddit says the stolen data includes limited contact information for company contacts and current and former employees.
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.