Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems.
The company blamed it on a “sophisticated and highly-targeted phishing attack” that took place on February 5, 2023, targeting its employees.
The attack entailed sending out “plausible-sounding prompts” that redirected to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication (2FA) tokens.
A single employee’s credentials is said to have been phished in this manner, enabling the threat actor to access Reddit’s internal systems. The affected employee self-reported the hack, it further added.
The company, however, stressed that there is no evidence to suggest that its production systems were breached or that users’ non-public data has been compromised. There is no indication that the accessed information has been published or distributed online.
“Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information,” Reddit said.
It further noted “similar phishing attacks have been recently reported” without taking any specific names. It did not disclose what source code was accessed following the security lapse.
The development is yet another indication as to how threat actors are increasingly finding ways to defeat 2FA by setting up lookalike pages that are capable of pulling off adversary-in-the-middle (AitM) attacks.