Reddit was the victim of a cyberattack in which hackers stole employees’ login details and gained access to the platform’s internal systems.
Popular Internet forums say the incident took place on February 5.
The company revealed in a statement that hackers accessed “internal documents, code, and some internal dashboards and business systems.”
But there was “no evidence” that user passwords or other information had been compromised.
Reddit It said its employees had fallen victim to a “sophisticated” phishing campaign in which people were tricked into handing over personal information by bad actors posing as credible people or businesses.
The targeted employees received “specious-sounding prompts” that pointed them to a website that cloned the company’s internal gateway, which the employees used to log in, and then attempted to steal their credentials.
Reddit confirmed that the attack also exposed “limited contact information” of some current and former employees, as well as “limited advertiser information.”
It added that those affected reported the incident and the attacker’s access was cut off.
More tech coverage from Sky News:
Battle of the Chatbots
Why the Hogwarts legacy is being boycotted
While users were not affected, Reddit has urged people to improve their account security.
“Now is a good time to remind you how to protect your Reddit account,” it said.
Effective measures include setting up two-factor authentication, adding an extra layer of security, and updating passwords every few months.
Phishing attacks ‘getting more sophisticated’
Attacks of the kind that have befallen Reddit workers are becoming more common and sophisticated, an expert warns.
Phishing is designed to exploit victims’ expectations of what they might see online, which is why they are so common During busy shopping seasons like Black Friday and Christmas.
An example might be a scam email claiming to be from a well-known retailer with an offer if you click a link in it.
Darren Guccione, CEO and co-founder of Keeper Security, said: “The key is to make sure that the URL of the target website matches the real website.
“When using a password manager, it automatically recognizes when a site’s URL doesn’t match what’s contained in a user’s vault, providing a key additional layer of security.”