The ramifications of a Reddit breach which occurred back in February are now being felt, with the attackers threatening to leak the stolen data. The February attack, billed as a “sophisticated phishing campaign” by Reddit, involved an attempt to swipe credentials and two-factor authentication tokens.
One employee was tricked into handing over details, and then reported what had happened to Reddit. Its security team locked things down and began investigating.
The employee’s credentials were reportedly used to gain access to “some internal docs, code, as well as some internal dashboards and business systems”, which exposed “limited contact information” for company contacts and employees, and information about advertisers.
Reddit advised users that their passwords were safe, and so there was no need to alter login details. There were also “no signs” that the breach impacted “the parts of our stack that run Reddit and store the majority of our data, or any of your non-public data”. At the time, Reddit received praise for the clarity of the messaging. “This happened, that didn’t, your login is fine” is somewhat unusual in these situations and messaging is often confusing or even simply absent for far too long.