Reddit hit by data breach after hackers targeted its employees — what you need to know

Reddit logo and Reddit logo on phone
(Image credit: Shutterstock)

The news aggregation and social media site Reddit recently fell victim to a cyberattack that allowed hackers to access its internal systems and steal its source code.

According to a security incident notice posted on the site, the hackers behind the attack carried out a sophisticated phishing campaign to target its employees. By using a cloned version of Reddit’s intranet gateway, they were able to steal employee credentials and second-factor tokens.

With employee credentials in hand, the attackers then proceeded to gain access to some of Reddit’s internal documents, source code and some internal dashboards and business systems. Fortunately, there were no signs that Reddit’s production systems were breached.

Similarities to Riot Games data breach

Following its own internal investigation into the data breach, Reddit revealed that passwords and other user data wasn’t stolen by the attackers.

While details about the attack are scarce at this time, the company did reference a similar attack that was used to breach the game developer Riot Games. According to BleepingComputer, that attack saw hackers breach the company's systems and steal source code for League of Legends and the game Teamfight Tactics, as well as an anti-cheat platform that is no longer in use.

We could potentially find out more from Reddit regarding the breach soon, but for now at least we know that user accounts weren’t affected.

How to protect your Reddit account

Reddit logo

(Image credit: Shutterstock)

Unlike Facebook or Twitter, Reddit is a much more anonymous platform where users feel free to share all of their thoughts as opposed to self-censoring. As such, if a user’s Reddit posts were made public, it could find them in hot water. This is why the company is recommending that users set up two-factor authentication (2FA) for their accounts to add an extra layer of security. 

In a support page, Reddit explains that to do so, you first need to click on your username and then head to User Settings and click on the Privacy & Security tab. Under the Advanced Security section, click on Use two-factor authentication, enter your password and click Confirm. From here, you need to follow the step-by-step instructions to set up 2FA and you need to write down your backup codes to ensure that you can regain access to your account in case you lose access to your two-factor authentication method. Once 2FA is set up for your Reddit account, you’ll need to enter a 6-digit code from your authenticator app every time you login to the site. We also have a detailed explainer in case you run into any problems enabling 2FA for your Reddit account.

Besides 2FA, Reddit also suggests you use one of the best password managers to securely store your credentials for the site. At the same time, you should use a unique and strong password for your account. 

Large sites like Reddit are frequently targeted by hackers as they can use the data they steal to carry out other attacks or to try and secure a ransom from the company itself. 

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Reddit logo and Reddit logo on phone
Hackers have created hundreds of fake Reddit sites to spread info-stealing malware
Discord on a phone and a laptop
Reported Discord data leak disputed by third-party service RestoreCard
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
A phone in hand showing the LastPass logo
Millions stolen from LastPass users in massive attack — what you need to know
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
An open lock depicting a data breach
12 million hit in Zacks Investment data breach — how to protect yourself now
Latest in Online Security
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Sunday, March 16 (#644)
Nintendo Switch 2
New Nintendo Switch 2 FCC filing suggests this beloved Nintendo controller could make a comeback
(From L to R) Rohan (Nik Dodani), Josh (Brandon Flynn), Dorothy (Edie Falco), John (Dean Norris), and Liddie (Lisa Kuthrow) in The Parenting
Max top 10 movies — here’s the 3 worth watching right now
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #378 (Sunday, March 16 2025)
Samsung Galaxy Tab S10 FE renders
Samsung Galaxy Tab S10 FE price leak is bad news for budget-conscious buyers
Google Assistant
Gemini to kill off Google Assistant on most Android phones — here's what you need to know