Hackers used a phishing attack on employees to steal login details and access the platform’s internal systems, according to Reddit, a popular internet forum website.
According to the company, hackers gained access to “internal documents, code, as well as some internal dashboards and business systems” on February 5.
However, after several days of investigation, the online forum stated that it had “no evidence” that Reddit user passwords or other information had been compromised or distributed online.
The company used a “sophisticated phishing campaign” to target Reddit employees, according to a statement posted on Reddit.
In a phishing attack, hackers attempt to trick victims into handing over personal information by impersonating a credible figure or business in order to obtain personal information.
“The attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens,” Reddit said of the attack.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We have found no evidence of a breach in our primary production systems (the components of our stack that run Reddit and store the vast majority of our data).”
The attack exposed “limited contact information” of current and former employees, as well as “limited advertiser information,” according to Reddit.
According to the company, the victim of the attack self-reported the incident, and the firm’s security team blocked the attacker’s access.
The incident was also used by Reddit to encourage users to improve their own personal security.
“Because we’re talking about security and safety, now’s a good time to remind you how to protect your Reddit account,” the company explained.
“The most important (and simplest) security measure you can take is to enable 2FA (two-factor authentication), which adds an extra layer of security when you access your Reddit account.
And, if you want to go a step further, updating your password every couple of months is always a good idea – just make sure it’s strong and unique for added security.”