Reddit suffered a cyberattack Sunday night, allowing hackers to access internal business systems and steal internal documents and source code.
The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens.
After one employee fell victim to the phishing attack, the threat actor was able to breach internal Reddit systems to steal data and source code.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explains Reddit in its security incident notice.
“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
Reddit says it learned of the breach after the employee self-reported the incident to the company’s security team.
After investigating the incident, Reddit says the stolen data includes limited contact information for company contacts and current and former employees.
The data also included some details about the company’s advertisers, but credit card information, passwords, and ad performance were not accessed.
Reddit also says that there are no indications that the threat actors were able to breach production systems used to run the website.
While Reddit has not shared any details about the phishing attack, it referenced a similar attack used to breach Riot Games.
In that attack, threat actors breached Riot Games and stole source code for the League of Legends (LoL) multiplayer online battle arena, the Teamfight Tactics (TFT) auto battler game, and a legacy anti-cheat platform.
The game company later received and refused a $10 million ransom demand for the data not to be leaked. The hacker later tried to auction the source for League of Legends for $10 million on a hacker forum.
BleepingComputer has contacted Reddit with further questions, but a reply was not immediately available.