Reddit — Data Breach
Executive Summary
Attackers successfully phished a Reddit employee using a spoofed intranet login page, gaining access to internal documents, code, and some internal business systems. Contact information for hundreds of current and former employees was accessed. In June 2023, the BlackCat/ALPHV ransomware group claimed responsibility, alleging 80 GB of compressed data was stolen and demanding a $4.5 million ransom, which Reddit refused to pay.
What Happened
On February 5, 2023, Reddit experienced a phishing attack where attackers sent employees prompts directing them to a fake intranet login page designed to steal credentials and two-factor authentication tokens. One employee fell victim to the phishing attempt, allowing attackers to access internal documents, source code, internal dashboards, and business systems. In June 2023, the BlackCat/ALPHV ransomware group claimed responsibility for the attack, stating they had stolen 80 GB of compressed data and demanded a $4.5 million ransom, which Reddit refused to pay.
Who Is Affected
Contact information for hundreds of current and former Reddit employees was accessed during the breach, along with some advertiser information. Reddit stated it found no evidence that personal user data or other non-public data belonging to its more than 50 million daily users was stolen, published, or distributed online.
Why It Matters
This incident demonstrates how sophisticated phishing attacks targeting employees can bypass security measures including two-factor authentication, granting attackers access to sensitive corporate systems and data. The breach highlights the vulnerability of human factors in organizational security and represents a growing trend of ransomware groups conducting data theft operations without deploying encryption. The case also illustrates how companies may face prolonged extortion attempts, with threat actors publicly threatening data leaks months after initial compromise.
What You Should Do
Reddit recommends all users set up two-factor authentication on their accounts and use a password manager, which can both generate strong passwords and warn users before entering credentials on phishing sites. Users should remain vigilant about verifying website authenticity before entering login credentials, particularly when following links from messages or emails.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.