Reddit, Inc. A.I CyberSecurity Scoring
Reddit, Inc.
Company Information
Website:http://redditinc.com
Employees number:4,984
Number of followers:502,988
NAICS:514
Industry Type:Social Networking Platforms
Homepage:redditinc.com
Reddit, Inc. Risk Score (AI oriented)
Between 750 and 799
Reddit, Inc.Social Networking Platforms
Updated:
09/07/2026
09/07/2026
764/1000
Fair
Baa
Reddit, Inc. Global Score (TPRM)
xxxx
Reddit, Inc.Social Networking Platforms
Score locked

Reddit, Inc.Fair
Current Score
764Baa (FAIR)
01000
4 incidents
-15 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
777
Cyber Attack
09 Jul 2026 • Reddit, Inc.
Discord and Reddit: The fake report message that ends with a stolen Reddit account
Reddit, Discord Users Targeted in Social Engineering Scam Stealing Accounts
762
HIGH-15
REDDIS1783578283
Reddit, Discord Users Targeted in Social Engineering Scam Stealing Accounts
A sophisticated social engineering scam is spreading across Reddit, Discord, and similar platforms, tricking users into handing over login or verification codes no malware or malicious links required. The attack begins with a direct message from a stranger, often claiming the recipient’s account was mistakenly reported or that the sender’s own account was flagged due to the user’s actions.
Scammers maintain engagement by feigning innocence, avoiding arguments, and even asking victims for help "clearing things up." The next phase involves fake "proof" a fabricated email or Discord message posing as official Reddit correspondence, complete with a ticket number, legal threats, and a countdown to suspension. Some versions redirect victims to a fake Reddit moderator or employee on Discord.
The final step is the request for a verification code. The scammer claims a Reddit "supervisor" needs it to confirm the victim’s innocence, then triggers a real login or recovery attempt. When Reddit sends the code to the victim, the scammer uses it to hijack the account, change the password, and lock out the owner. In some cases, victims are coerced into updating their account’s email to one controlled by the attacker, followed by extortion demands such as gift cards to avoid account deletion or misuse.
Reddit’s official processes never involve direct contact between reported users or verification via unsolicited messages. Appeals are handled internally, with no detours to personal Discord accounts. The scam exploits urgency and trust, but basic precautions keeping verification codes private, refusing email changes for strangers, and enabling two-factor authentication can neutralize it. Users who lose access should rely on Reddit’s official recovery tools at reddit.com.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2026
776
MAY 2026
773
APRIL 2026
773
MARCH 2026
772
FEBRUARY 2026
771
JANUARY 2026
770
DECEMBER 2025
769
NOVEMBER 2025
768
OCTOBER 2025
768
SEPTEMBER 2025
767
AUGUST 2025
766
MAY 2025
781
Cyber Attack
01 May 2025 • Reddit, Inc.
Reddit: Alleged Scattered Spider hacker extradited to the United States
U.S.-Estonian Teen Extradited in Scattered Spider Hacking Case
762
CRITICAL-19
RED1782988216
U.S.-Estonian Teen Extradited in Scattered Spider Hacking Case
A 19-year-old dual U.S. and Estonian citizen, Peter Stokes known online as "Bouquet," "Spencer," and "Jordan" has been extradited to the U.S. to face charges tied to his alleged role in the Scattered Spider hacking collective. Stokes was arrested in Finland on April 10 after attempting to board a flight to Japan at Helsinki Airport.
Court documents accuse Stokes of participating in at least four major breaches, including a March 2023 attack on an online communication platform when he was just 16 years old. Among the victims was an unnamed multibillion-dollar luxury retailer, targeted in May 2025 through a social engineering scheme. Hackers posed as employees to trick the company’s IT helpdesk into resetting credentials, gaining access to administrator accounts. Though the group demanded an $8 million ransom claiming to have stolen 100GB of data the company refused to pay, incurring over $2 million in operational and remediation costs.
Stokes faces charges of fraud, conspiracy, and computer intrusion following his court appearance in Chicago on Tuesday. He remains in custody.
Scattered Spider, also tracked as 0ktapus, Octo Tempest, and UNC3944, is a loosely organized hacking group active since 2022, primarily composed of teenagers and young adults from the U.S. and U.K. The collective is notorious for social engineering, MFA bombing (MFA fatigue), and SMS phishing to steal credentials and deploy ransomware. Prosecutors allege they use tools like the Genymobile Android emulator and have deployed the DragonForce encryptor in attacks on U.K. retailers.
The group’s high-profile victims include Caesars, MGM Resorts, Riot Games, DoorDash, Reddit, MailChimp, Twilio, Allianz Life, Transport for London (TfL), Co-op, Marks & Spencer, Harrods, WestJet, and Jaguar Land Rover. According to the U.S. Department of Justice, Scattered Spider has been linked to over 100 network intrusions, resulting in more than $100 million in ransom payments and millions in additional damages. The FBI’s Cyber Division has highlighted the group’s disruptive impact on critical operations across multiple industries.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2023
801
Breach
01 Feb 2023 • Reddit, Inc.
Reddit, Inc.
Reddit Data Breach
758
MEDIUM-43
RED55725623
A breach on Reddit gave hackers access to its internal business systems, where they were able to seize documents and source code.
According to the business, the hackers pretended to be its intranet site in order to ensnare Reddit employees with a phishing bait. This website attempted to steal the two-factor authentication tokens and employee login information.
The threat actor was able to infiltrate internal Reddit systems to take data and source code after one employee fell for the phishing scam.
Reddit reports that the stolen data includes limited contact information for business contacts as well as for current and former workers after looking into the matter.
The data also contained some information regarding the firm's advertisers, but no access was made to credit card numbers, passwords, or ad performance.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JUNE 2007
802
Breach
16 Jun 2007 • Reddit, Inc.
Reddit, Inc.
Reddit Data Breach
759
LOW-43
RED239080425
The California Office of the Attorney General reported that Reddit, Inc. experienced a data breach on June 14, 2018. The breach involved compromised account credentials from 2007, specifically usernames and salted password hashes. The breach affected an unknown number of users, and the report was published on September 4, 2018.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Reddit, Inc. ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in June 2026 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in May 2026 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in April 2026 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in March 2026 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in February 2026 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in January 2026 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in December 2025 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in November 2025 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in October 2025 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in September 2025 ??
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Reddit, Inc.'s A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Reddit, Inc. ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Reddit, Inc.'s profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?