Reddit was hacked last weekend. Having successfully compromised one of the employees, the hackers were able to gain access to the company’s internal business systems, steal internal documents and source code.
Reddit representatives say that the attackers used a phishing bait and attacked employees, trying to lure them to a landing page that mimicked one of the Reddit intranet sites. This site was used to steal credentials and two-factor authentication tokens. Unfortunately, one of the employees fell for the hackers.
“After successfully obtaining the credentials of one of the employees, the attackers gained access to some internal documents, code, as well as a number of internal dashboards and business systems,” Reddit said in an official statement. “We found no signs of a breach on our core production systems (the parts of our stack that run Reddit and store most of our data).”
Reddit reports that the breach came to light after an employee independently realized what had happened and reported the incident to company security.
As the investigation showed, among the stolen data there was also information about the company’s contacts and the contact details of some current and former employees. In addition, the stolen data contained some information about advertisers, but bank card information, passwords, and advertising performance metrics were not disclosed.
While Reddit has so far given little to no details about the phishing attack, the company is citing a similar incident that Riot Games recently suffered. Let me remind you that at that time hackers also compromised one of the employees, penetrated the company’s systems and stole the source code of the League of Legends (LoL) and Teamfight Tactics (TFT) games, as well as an outdated anti-cheat platform.
Later, the attackers demanded a $10 million ransom from the company (but Riot Games refused to atit), and in the end they put up the LoL source code and Packman usermode anti-cheat for sale, valuing the data at one million dollars.