Well this sucks. I’m a fan of Reddit so it’s always bad to hear when breaches like this happen. In short, here is a summary of what happened.
“Reddit suffered a cyberattack Sunday evening, allowing hackers to access internal business systems and steal internal documents and source code.
The company says the hackers used a phishing lure targeting Reddit employees with a landing page impersonating its intranet site. This site attempted to steal employees’ credentials and two-factor authentication tokens.”
One key takeaway from this is how it occurred. According to a post on Bleeping computer found HERE, the cause was due to a successful phishing attack. The attack resulted in stolen credentials allowing the threat actor to log in and see internal secrets. See the Bleeping post for more details.