Slowe said that “similar phishing attempts” have been reported recently, without naming specific examples, but likened the breach to the recent Riot Games hack, which saw attackers use social engineering tactics to access source code for the company’s legacy anti-cheat system.
He says that an as-yet-unidentified attacker sent “plausible-sounding prompts,” which redirected employees to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication tokens. Reddit has confirmed hackers accessed internal documents and source code following a “highly-targeted” phishing attack.Ī post by Reddit CTO Christopher Slowe, or KeyserSosa, explained that on February 5 the company became aware of the “sophisticated” attack targeting Reddit employees.
