Reddit said its platform suffered a cyberattack on Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code.
The social media said the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees' credentials and two-factor authentication tokens.
According to Reddit, they learned of the breach after the employee self-reported the incident to the company's security team.
However, upon investigating the incident, Reddit confirms that the stolen data includes limited contact information for company contacts and current and former employees.
"After successfully obtaining a single employee's credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems," said Reddit.