Data Breach

Reddit Data Breach

0 records exposed • February 2023

A Reddit employee was tricked by a fake website into entering their password and text message code. Hackers used this to access internal Reddit systems and documents.

What Happened

A Reddit employee fell victim to a sophisticated phishing attack that bypassed SMS-based 2FA, giving attackers access to internal documentation, code, and business systems.

Attack method: Phishing attack on employee

What Data Was Exposed

Internal documents, Source code, Employee information

Is your business exposed?

What to Do If You're Affected

1.
No direct user action needed
2.
Change password if notified by Reddit

Lessons for Businesses

• SMS-based 2FA can be phished in real-time
• Phishing-resistant MFA is necessary for high-risk accounts
• Quick disclosure helps the security community

Sources

https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/

Related Breaches

Twilio 2022, Cloudflare 2022

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required