Reddit gets hacked after employee falls victim to phishing attack

Hacker hacking Reddit.
(Image credit: Getty Images - SOPA Images)

On February 5, Reddit's systems were breached due to a phishing attack where a hacker gained access to internal documents, systems, and code.  

Reddit wrote in a lengthy post last night that they became aware of a recent "sophisticated phishing campaign that targeted Reddit employees." The attack was intended to trick employees by sending links to a fake website that "cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens."

One employee self-reported that they fell prey to a phishing attack where the attackers gained their log-in credentials. From there, Reddit says the bad actor gained access to "some internal docs, code, as well as some internal dashboards and business systems."

A further investigation by Reddit said that additional exposure was "limited" contact information of current and former employees and advertiser information. There was also no evidence of any breach of "primary production systems."

Based on the company's investigation, it said no Reddit user accounts or passwords were affected in the attack. Once security knew what was happening, it revoked access to that account. The post also mentions similar phishing attacks have been reported recently by other Reddit employees. 

Reddit later said in a comment, "As we all know, the human is often the weakest part of the security chain," which is the most passive-aggressive message an IT person could send you after someone falls for a phishing scam. 

The end of the post promoted different ways of keeping your Reddit account safe such as enabling two-factor authentication and using a password manager. Password managers are great at preventing phishing attacks since they can detect when something is fishy about the domain you're about to log on to. 

Personally, I'm just happy to see that my favorite subreddit was unaffected.

Image


<a href="/best-ssd-for-gaming/" data-link-merchant="pcgamer.com"" target="_blank">Best SSD for gaming: The best solid state drives around
<a href="/best-pcie-4-ssd-for-gaming/" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" target="_blank">Best PCIe 4.0 SSD for gaming: Speedy drives
<a href="/best-nvme-ssd/" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" target="_blank">The best NVMe SSD: Slivers of SSD goodness
<a href="/best-external-hard-drives/" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" target="_blank">Best external hard drives: Expand your horizons
<a href="/best-external-ssd-for-game-storage/" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" data-link-merchant="pcgamer.com"" target="_blank">Best external SSDs: Fast, solid, and portable

Jorge Jimenez
Hardware writer, Human Pop-Tart

Jorge is a hardware writer from the enchanted lands of New Jersey. When he's not filling the office with the smell of Pop-Tarts, he's reviewing all sorts of gaming hardware, from laptops with the latest mobile GPUs to gaming chairs with built-in back massagers. He's been covering games and tech for over ten years and has written for Dualshockers, WCCFtech, Tom's Guide, and a bunch of other places on the world wide web.