What happened
On February 9, 2023, Reddit disclosed in a post by chief technology officer Christopher Slowe that, on February 5, a sophisticated spear-phishing campaign had tricked an employee into entering credentials and a two-factor token on a site cloning Reddit's intranet gateway. The attacker accessed internal documents, source code, dashboards, business systems, and contact details for hundreds of current and former employees, along with limited advertiser information.
Reddit said no user passwords or production systems were compromised and that it had no evidence user data was the target. In June 2023, the BlackCat (ALPHV) ransomware group claimed responsibility for the intrusion and demanded a $4.5 million ransom, threatening to leak the stolen material. The episode underscored the persistence of credential-phishing attacks even against security-aware organizations.