The initial breach occurred when Reddit employees fell victim to a targeted phishing scheme, receiving convincing prompts to visit a website that closely resembled Reddit’s intranet gateway. One individual unknowingly provided their login details and second-factor tokens, enabling the hackers to gain unauthorized access to internal documents, dashboards, code, contracts, and some advertisers’ and employees’ information. Although none of the compromised data has been made public so far, the situation may change if the ransom demands are not met.
