Reddit suffered a cyberattack on Sunday evening, allowing hackers to access the company’s internal systems and steal internal documents and source code.
The company says hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employee credentials and two-factor authentication tokens.
After an employee fell victim to the phishing attack, the threat actor was able to breach Reddit’s internal systems to steal data and source code.
“After successfully obtaining the credentials of a single employee, the attacker gained access to some internal documents, code, as well as some internal dashboards and corporate systems,” says Reddit in their security incident notification.
“We show no indication of violation of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
Reddit says it learned of the breach after the employee reported the incident to the company’s security team.
After investigating the incident, Reddit says the stolen data includes limited contact information for company contacts and current and former employees.
The data also included details of the company’s advertisers, but credit card information, passwords and ad performance were not accessed.
Reddit also says there is no evidence that the threat actors were able to breach the production systems used to run the website.
Although Reddit did not share any details regarding the phishing attack, they did refer to an attack used to breach Riot Games.
In this attack, threat actors breached Riot Games and stole the source code for the League of Legends (LoL) multiplayer online battle arena, the Teamfight Tactics (TFT) auto battle game, and a legacy anti-cheat platform.
The gaming company then received and declined a $10 million ransom demand to keep the data from being disclosed. The hacker then attempted to auction the League of Legends source code for $10 million on a hacker forum.
BleepingComputer reached out to Reddit with further questions, but an answer was not immediately available.