Reddit suffered a security breach resulting in unauthorized access to its internal systems, sensitive documents, and system source code by threat actors. The breach occurred through a phishing campaign targeting Reddit employees, where threat actors used a fake login page mimicking the company’s intranet site to obtain employee login credentials and two-factor authentication tokens.
Reddit released that user accounts and passwords are safe
Reddit confirmed the success of the phishing attack, stating that one employee’s login credentials were compromised, allowing threat actors to gain access to its internal systems, certain internal documents, source codes, internal dashboards, and other business systems. However, Reddit reassured users that their passwords and accounts were not compromised. The affected employee reported the incident, and the security team quickly responded by removing the attacker’s access and conducting an internal investigation.
Reddit recommended users enable two-factor authentication and regularly update their login credentials with strong password policies to avoid potential risks.