On February 5, Reddit’s systems were breached due to a phishing attack where a hacker gained access to internal documents, systems, and code.  

Reddit wrote in a lengthy post last night that they became aware of a recent “sophisticated phishing campaign that targeted Reddit employees.” The attack was intended to trick employees by sending links to a fake website that “cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens.”

One employee self-reported that they fell prey to a phishing attack where the attackers gained their log-in credentials. From there, Reddit says the bad actor gained access to “some internal docs, code, as well as some internal dashboards and business systems.”

A further investigation by Reddit said that additional exposure was “limited” contact information of current and former employees and advertiser information. There was also no evidence of any breach of “primary production systems.”

Based on the company’s investigation, it said no Reddit user accounts or passwords were affected in the attack. Once security knew what was happening, it revoked access to that account. The post also mentions similar phishing attacks have been reported recently by other Reddit employees. 

Reddit later said in a comment, “As we all know, the human is often the weakest part of the security chain,” which is the most passive-aggressive message an IT person could send you after someone falls for a phishing scam. 

The end of the post promoted different ways of keeping your Reddit account safe such as enabling two-factor authentication and using a password manager. Password managers are great at preventing phishing attacks since they can detect when something is fishy about the domain you’re about to log on to. 

Personally, I’m just happy to see that my favorite subreddit was unaffected.