Reddit

Reddit operates as a major social media and online community platform, structured around user-created communities known as subreddits. These subreddits cover an immense range of topics, from niche interests to major news and entertainment, facilitating discussion, content sharing, and news aggregation. The service is accessible globally, with its headquarters located in the United States of America. Its core function is to host these diverse forums, making it a significant hub for public discourse and information exchange on the internet. The platform's scale is evident in its reach, with individual high-traffic subreddits noted as having tens of millions of subscribers, indicating a vast and active user base. Reddit's business model is primarily advertising-based, serving a broad market of general internet users, specific interest groups, and advertisers seeking targeted audiences. A key distinguishing attribute is its decentralized, community-moderated structure, where volunteer moderators manage individual subreddits, creating a unique governance model among large social platforms. This structure, while fostering diverse communities, has also presented specific security challenges related to moderator account security, as seen in multiple historical incidents.

The organisation's operational context is notably shaped by a documented history of security incidents that have influenced its security posture. These events have involved various attack vectors, including sophisticated phishing targeting employees, compromise of moderator accounts lacking strong authentication, and breaches of third-party service providers. A significant 2023 incident resulted in the theft of internal source code and documents, though primary user data systems were reportedly unaffected. Earlier breaches exposed historical user data backups and led to the defacement of numerous popular communities. These recurring incidents highlight the platform's attractiveness to attackers and the critical importance of securing both employee and high-privilege user accounts. In response to these events, Reddit has implemented enhanced security measures over time, such as migrating away from vulnerable authentication methods like SMS-based two-factor authentication, improving logging, and mandating password resets following data exposures. The company's approach involves internal security reviews, law enforcement notification, and user communication following breaches. While the platform has faced challenges in uniformly enforcing strong security practices across its vast moderator base and has experienced data theft, its core service has persisted, demonstrating resilience. The incidents underscore Reddit's role as a high-value target due to its cultural significance and the sensitive internal data it holds, positioning it as an organisation that must continuously balance open community governance with robust cybersecurity defenses.