An administrator for the website said that a Reddit employee’s credentials were taken in a targeted phishing assault, and hackers were able to penetrate its servers on February 5th. Evidently, Reddit employees had been receiving “plausible-sounding instructions” that led to a website that looked and behaved like its intranet gateway, with the intention of stealing people’s logins and second-factor tokens. When one employee was duped, they promptly self-reported. As a result, the website’s security team was able to respond promptly and cut off the infiltrators’ access.
