2023 Breach: Employee Spear-Phishing Exposes Source Code and Internal Documents
- Vector
- phishing
- Severity
- high
- Records exposed
- Limited contact details for hundreds of current and former employees; limited advertiser information
- Data exposed
- Internal documents, source code, internal dashboards and business systems; limited employee contact data and advertiser information
- Attacker
- BlackCat/ALPHV ransomware group (claimed)
- Discovered
- 2023-02-05
- Disclosed
- 2023-02-09
- Date
- 2023-02-09
What happened
On February 5, 2023, a sophisticated, targeted spear-phishing campaign pointed Reddit employees to a site that cloned the company's intranet gateway to capture credentials and second-factor tokens in real time. One employee was phished and self-reported, after which the attacker accessed internal documents, source code, some internal dashboards and business systems, and limited contact information for current and former employees plus some advertiser data. Reddit said it found no evidence that non-public user data such as passwords or accounts was accessed or distributed. CTO Christopher Slowe disclosed the incident in a February 9 post titled 'We had a security incident.' The ransomware group BlackCat/ALPHV later claimed responsibility for the intrusion.