Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code.
The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens.
After one employee fell victim to the phishing attack, the threat actor was able to breach internal Reddit systems to steal data and source code.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.