Reddit source code stolen in data breach

Reddit disclosed that it suffered from a cyberattack on Sunday, February 5, 2023, allowing hackers to access internal business systems and steal internal documents and source code. The alert described the hack as a “sophisticated and highly-targeted phishing attack.”

The phishing attack reportedly targeted specific Reddit employees. The attacker sent out persuasive prompts to the employees on a fake website that resembled the intranet gateway employees use to steal credentials and two-factor authentication tokens.

The attackers then were able to successfully leverage the captured credentials to steal internal documents, Reddit platform source code, and observe internal dashboards and business systems.

Reddit states that it believes it has no indication at this time that critical company systems that store the majority of its data were affected in the breach.

No evidence from the cyber event indicates that non-public Reddit user data was accessed or exposed, according to the statement.

The company will update its official statement with any new findings of the incident, but at the date of this writing, no further updates have been made since the initial disclosure.

Reddit strongly encourages all of its users to utilize two-factor or multi-factor authentication to secure their account, and “update your password every few months” – even though this password-changing tactic has been proved useless by cyber experts.

Finally, using a password manager was also recommended by the Reddit alert, something we can agree with. Just don’t use LastPass.

It may be time to create a new Reddit alt-account anyway. We’re not sure how valuable your cat and meme upvotes are to the hackers responsible.