SINGAPORE: Popular social media platform Reddit was hit by a phishing attack on Feb 5 that saw hackers gain access to internal documents and code, but no user data was compromised.

The exposed data included the “limited” contact information of hundreds of “company contacts” and Reddit employees, as well as some advertiser information, said a Reddit spokesman in a thread posted on the platform’s official subreddit last Friday (Feb 10).

He said that the breach was due to a phishing campaign targeted at Reddit employees, directing them to a website that impersonated its intranet site.

This site attempted to steal employees’ credentials and two-factor authentication (2FA) tokens.

“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal documents, code, as well as some internal dashboards and business systems,” he added.

Preliminary investigations showed that the exposed data was not being distributed online. So far, there had been no indication that the production systems used to run the website had been breached, said the spokesman.

Although users were unaffected by the breach, the spokesman recommended that they set up 2FA to better secure their accounts.

He also recommended that users update their passwords every few months, and use a password manager. A password manager is a software application that stores and manages online credentials.

 - ANN