Reddit Hacked in “Sophisticated Phishing” Attack: What You Need to Know

In a recent announcement, Reddit, a popular social news site, revealed that it suffered a cyberattack on February 5th, 2021. According to the company, the attackers used a “sophisticated phishing” technique to target their employees.

This article will provide more information on what happened and how Reddit has responded.

Reddit cyber attack

Hear From Our
Happy Clients

Read Our Reviews

What Happened?

On Sunday night, Reddit disclosed that the attack occurred and that they became aware of it on February 9th. The attackers accessed internal documents, codes, dashboards, and business systems. However, Reddit insists there is no evidence of a security breach on the systems running the platform and storing most of their data. While some data was stolen, including details of their advertisers, passwords and credit card information was not compromised.

Reddit Response

Reddit has already investigated the matter, but details are still scarce. The company believes that the attackers accessed their data using a targeted phishing campaign. The attackers sent “plausible-sounding prompts” to employees, which redirected them to a website posing as the company’s intranet portal. Their intention was to steal information and two-factor authentication (2FA) tokens. Unfortunately, the attackers were successful in stealing one employee’s credentials. However, this incident prompted the security team to act immediately, and the attackers’ access was removed.

The company assures its users that personal user and non-public data was not compromised, and the stolen information has not been published or distributed online. However, some internal documents, codes, and business systems were accessed.

Reddit Recommendation to Users

Reddit recommends that users protect their data, such as setting up two-factor authentication (2FA) on their accounts. The platform also suggests that users update their passwords monthly, although security professionals generally advise against this practice. A password manager can help you create a strong and hard-to-guess password or passphrase.

Despite Reddit’s assurance that personal users and businesses were not affected, it is still recommended that users change their Reddit account password. With cyberattacks, it is best to be safe than sorry. Reddit has been a victim of cyberattacks several times, and the company has always been transparent and upfront with such incidents. However, it’s worth noting that “we don’t think any of your personal data has been hacked” has become their response before they announce a large breach.


Reddit’s recent cyberattack highlights the importance of staying vigilant and protecting your data. While the company claims that personal user and non-public data was not compromised, it is still recommended that users take necessary precautions to secure their accounts. Following Reddit’s recommendations, users can add more protection and keep their data safe.

Check Out Some Of Our Awesome Client Success Stories

Air Partners and Pure IT A Collaboration for Excellence

Air Partners and Pure IT
A Collaboration for Excellence

Discover the Winning Partnership: Air Partners and Pure IT – Calgary’s IT Services Triumph! Explore their journey to IT excellence in Calgary, uncovering the keys to their success. Read more now.

Read More
October 26, 2023
Poor Cybersecurity Will Cost You Clients

Poor Cybersecurity Will Cost You Clients

Once your clients find out you’re vulnerable, they won’t stick around for long. That was the case for this legal firm—until they got in touch with Pure IT.

Read More
April 7, 2022
Local Food Brokerage Company Saves 45% On Their IT Bill

Local Food Brokerage Company Saves 45% On Their IT Bill

Our previous IT company was trying to quote us a $250,000, when we took over, we figured out what was going on, we decided to make a change.

Read More
November 3, 2021