\n<\/p>\n
Reddit has confirmed hackers accessed internal documents and source code following a \u201chighly-targeted\u201d phishing<\/a> attack.<\/p>\n A post by Reddit CTO Christopher Slowe<\/a>, or KeyserSosa, explained that the company became aware of the \u201csophisticated\u201d attack targeting Reddit<\/a> employees on February 5.\u00a0He says that an as-yet-unidentified attacker sent \u201cplausible-sounding prompts\u201d\u00a0that redirected employees to a website masquerading as Reddit\u2019s intranet portal in an attempt to steal credentials and\u00a0two-factor authentication<\/a>\u00a0tokens.<\/p>\n Slowe said that \u201csimilar phishing attempts\u201d have been reported recently, without naming specific examples. However, he likened the breach to the recent Riot Games hack<\/a>, which saw attackers use social engineering tactics to access source code for the company\u2019s legacy anticheat system.<\/p>\n Reddit said that hackers successfully obtained a single employee\u2019s credentials, enabling them to gain access to gained access internal documents and source code as well as some internal dashboards and business systems.\u00a0<\/span><\/p>\n Slowe said the company learned of the breach after the phished employee self-reported the incident to Reddit\u2019s security team, enabling it quickly cut off the infiltrators\u2019 access and commence an internal investigation.<\/p>\n Reddit, which has more than 50 million daily uses, said its investigation has concluded that limited contact information for \u201chundreds\u201d of current and former employees, as well as some advertiser information, was also accessed.\u00a0However, the company says it has \u201cno evidence\u201d to suggest that personal user data and other non-public data has been stolen, published, or distributed online.<\/p>\n Regardless, Reddit has recommended that all users set up 2FA on their accounts and use a password manager<\/a>.\u00a0\u201cBesides providing great complicated passwords, they provide an extra layer of security by warning you before you use your password on a phishing site,\u201d Slowe says.\u00a0<\/span><\/p>\n \u201cWe\u2019re continuing to investigate and monitor the situation closely and working with our employees to fortify our security skills,\u201d he added. \u201cAs we all know, humans are often the weakest part of the security chain.\u201d<\/p>\n