The Reddit discussion platform disclosed information about the incident, as a result of which unknown persons gained access to the internal systems of the service. The systems were compromised as a result of compromised credentials of one of the employees who became a victim of phishing (the employee entered his credentials and confirmed the two-factor authentication login on a fake site that mimics the interface of the company's internal gateway).
With the help of a captured account, the attackers were able to gain access to the company's internal documents and the current source code of the platform (once Reddit officially published almost all of its code, with the exception of anti-spam systems, but 5 years ago curtailed this practice). According to Reddit, the attackers did not gain access to users' personal data and primary systems that ensure the operation of the site and the Reddit Ads advertising network.
Source: opennet.ru