
Reddit Suffers Security Breach Exposing Internal Documents and Source Code

Feb 10, 2023 | Ravie Lakshmanan | Data Breach / Source Code

Popular social news aggregation platform Reddit has disclosed
that it was the victim of a security incident that enabled
unidentified threat actors to gain unauthorized access to internal
documents, code, and some unspecified business systems.

The company blamed it on a “sophisticated and highly-targeted
phishing attack” that took place on February 5, 2023, targeting its
employees.

The attack entailed sending out “plausible-sounding prompts”
that redirected to a website masquerading as Reddit’s intranet
portal in an attempt to steal credentials and two-factor
authentication (2FA) tokens.

A single employee’s credentials are said to have been phished in
this manner, enabling the threat actor to access Reddit’s internal
systems. The affected employee self-reported the hack, the company
added.

The company, however, stressed that there is no evidence to
suggest that its production systems were breached or that users’
non-public data has been compromised. There is no indication that
the accessed information has been published or distributed
online.

“Exposure included limited contact information for (currently
hundreds of) company contacts and employees (current and former),
as well as limited advertiser information,” Reddit said[1].

It further noted that “similar phishing attacks have been recently
reported” without naming names. It did not disclose
what source code was accessed following the security lapse.

The development is yet another indication as to how threat
actors are increasingly finding ways to defeat 2FA by setting up
lookalike pages that are capable of pulling off
adversary-in-the-middle (AitM[2]) attacks.


References

  1. said (www.reddit.com)
  2. AitM (thehackernews.com)
  3. Twitter (twitter.com)
  4. LinkedIn (www.linkedin.com)
