Security News > 2023 > February > Reddit Suffers Security Breach Exposing Internal Documents and Source Code

Reddit Suffers Security Breach Exposing Internal Documents and Source Code
2023-02-10 04:28

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems.

The company blamed it on a "Sophisticated and highly-targeted phishing attack" that took place on February 5, 2023, targeting its employees.

The attack entailed sending out "Plausible-sounding prompts" that redirected to a website masquerading as Reddit's intranet portal in an attempt to steal credentials and two-factor authentication tokens.

A single employee's credentials is said to have been phished in this manner, enabling the threat actor to access Reddit's internal systems.

"Exposure included limited contact information for company contacts and employees, as well as limited advertiser information," Reddit said.

It did not disclose what source code was accessed following the security lapse.


News URL

https://thehackernews.com/2023/02/reddit-suffers-security-breach-exposing.html