Reddit was the target of a cyberattack on February 5, 2023. The company became aware of a sophisticated phishing campaign aimed at Reddit employees, which resulted in a successful fishing attempt.
According to Reddit’s statement, a single employee’s credentials were compromised, allowing the attacker to access some internal documents, code, dashboards, and business systems. Although attackers accessed limited contact information of hundreds of company contacts, current and former employees, and advertiser information, Reddit believes that no information has been listed online.
The affected employee reported the security issue, and Reddit’s security team promptly removed access to its systems and initiated an investigation. Reddit also noted that similar phishing attacks had been reported elsewhere, including an attack on Riot Games.
It’s reassuring that Reddit does not believe that attackers accessed any user data. However, as a precautionary measure, Reddit recommends that users set up two-factor authentication on their Reddit accounts. It is also an excellent reminder to enable two-factor authentication on all accounts that support it.