Reddit suffered a cyberattack Sunday night, permitting hackers to entry inside enterprise techniques and steal inside paperwork and supply code.

The corporate says the hackers used a phishing lure focusing on Reddit staff with a touchdown web page impersonating its intranet web site. This web site tried to steal staff’ credentials and two-factor authentication tokens.

After one worker fell sufferer to the phishing assault, the risk actor was capable of breach inside Reddit techniques to steal knowledge and supply code.

“After efficiently acquiring a single worker’s credentials, the attacker gained entry to some inside docs, code, in addition to some inside dashboards and enterprise techniques,” explains Reddit of their safety incident discover.

“We present no indications of breach of our major manufacturing techniques (the elements of our stack that run Reddit and retailer the vast majority of our knowledge).”

Reddit says they realized of the breach after the worker self-reported the incident to the corporate’s safety group.

After investigating the incident, Reddit says the stolen knowledge contains restricted contact info for firm contacts and present and former staff.

The information additionally included some particulars in regards to the firm’s advertisers however bank card info, passwords, and advert efficiency was not accessed.

Reddit additionally says that there are not any indications that the risk actors had been capable of breach manufacturing techniques used to run the web site.

Whereas Reddit has not shared any particulars relating to the phishing assault, they referenced an identical assault used to breach Riot Video games.

In that assault, risk actors breached Riot Video games and stole supply code for League of Legends (LoL) multiplayer on-line battle area, the Teamfight Ways (TFT) auto battler recreation, and a legacy anti-cheat platform.

The sport firm later acquired and refused a $10 million ransom demand for the information to not be leaked. The hacker later tried to public sale the supply for League of Legends for $10 million on a hacker discussion board.

BleepingComputer has contacted Reddit with additional questions however a reply was not instantly out there.