Reddit has informed users that it was hacked Sunday night, but says user accounts and passwords appear to be safe.
According to the social media company, its employees were targeted by a “sophisticated phishing campaign” that pointed employees to a website that attempted to steal their credentials.
After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems. We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).
Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.
Hopefully the scope of the breach remains limited to Reddit’s initial findings.