Reddit Tells Users To Enable 2FA After Hackers Steal Source Code Data In Security Breach

Hackers recently managed to infiltrate Reddit and gain access to internal documents, source code, and internal business systems, an admin for the site disclosed. According to Reddit, the cyberattack was the result of a "sophisticated phishing campaign" against the site's employees. In a post detailing the security incident, Reddit reminded users that they should enable two-factor authentication (2FA) on their accounts as an added layer of protection.

The "highly-targeted phishing attack" occurred in the late hours of February 5, 2023 (this past Sunday). Reddit says the perpetrator sent out plausible-sounding prompts to employees, which directed them to a website that cloned Reddit's intranet gateway. This allowed the culprit to steal login credentials and second-factor tokens from a single individual who fell for the scheme, which gave the attacker inside access to Reddit's vaults.

"After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data)," Reddit said.

To be clear, Reddit is currently saying that all user passwords and accounts remain safe. However, the perpetrator did make off with limited details for hundreds of company contacts and employees, and some advertiser information as well.

"Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online," Reddit added.

The employee who let their guard down self-reported shortly after the phishing attack occurred. From there, Reddit said its security team took immediate action, blocking the hacker's access and initiating an internal investigation.

KeyserSosa, the admin who disclosed the breach in a post on Reddit, answered a few follow-up questions in the accompanying thread. During the makeshift AMA, KeyserSosa said they are "highly doubtful" that any previous contractors were affected by the incident.

As for the employee who coughed up their credentials, KeyserSosa expressed appreciation that they came forward so quickly. When someone commented that they hoped no one was fired as a result of the breach, KeyserSosa responded, "I see it as we have invested in an employee's security education. Also it was fun to be able to dust off ye olde stocks."