Security News > 2023 > February > Reddit Suffers Security Breach Exposing Internal Documents and Source Code
Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems.
The company blamed it on a "Sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees.
The attack entailed sending out "Plausible-sounding prompts" that redirected to a website masquerading as Reddit's intranet portal in an attempt to steal credentials and two-factor authentication tokens.
A single employee's credentials is said to have been phished in this manner, enabling the threat actor to access Reddit's internal systems.
"Exposure included limited contact information for company contacts and employees, as well as limited advertiser information," Reddit said.
It did not disclose what source code was accessed following the security lapse.
News URL
https://thehackernews.com/2023/02/reddit-suffers-security-breach-exposing.html
Related news
- UN aviation agency investigating 'potential' security breach (source)
- Washington state sues T-Mobile over 2021 data breach security failures (source)
- UN aviation agency confirms recruitment database security breach (source)
- HPE investigates breach as hacker claims to steal source code (source)
- Engineering giant Smiths Group discloses security breach (source)
- Australian fertility services giant Genea hit by security breach (source)
- Drug-screening biz DISA took a year to disclose security breach affecting millions (source)