Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Reddit, Inc.

Reddit, Inc. Vendor Cyber Rating & Cyber Score

redditinc.com

Reddit is the heart of the internet, where millions of people get together to talk about any topic imaginable. Share, vote, and decide what matters in everything from breaking news, to fandoms, lifehacks, gaming, sports, health, and the internet’s cutest animals. With over 100,000 subreddit communities about every topic you could think of (and thousands more you couldn’t), whatever it is, there’s a place for you on Reddit. Interested in joining our growing team? Check out redditinc.com/careers.


Reddit, Inc. A.I CyberSecurity Scoring

Reddit, Inc.
Company Information
Website:http://redditinc.com
Employees number:4,984
Number of followers:502,988
NAICS:514
Industry Type:Social Networking Platforms
Homepage:redditinc.com
Reddit, Inc. Risk Score (AI oriented)
Between 750 and 799
logo
Reddit, Inc.Social Networking Platforms
Updated:
09/07/2026
764/1000
Fair
Baa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Reddit, Inc. Global Score (TPRM)
xxxx
logo
Reddit, Inc.Social Networking Platforms
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Reddit, Inc.
Reddit, Inc.Fair
Current Score
764Baa (FAIR)
01000
4 incidents
-15 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
777Before Incident
Cyber Attack
09 Jul 2026Reddit, Inc.
Discord and Reddit: The fake report message that ends with a stolen Reddit account

Reddit, Discord Users Targeted in Social Engineering Scam Stealing Accounts

762After Incident
HIGH-15
REDDIS1783578283
Reddit, Discord Users Targeted in Social Engineering Scam Stealing Accounts A sophisticated social engineering scam is spreading across Reddit, Discord, and similar platforms, tricking users into handing over login or verification codes no malware or malicious links required. The attack begins with a direct message from a stranger, often claiming the recipient’s account was mistakenly reported or that the sender’s own account was flagged due to the user’s actions. Scammers maintain engagement by feigning innocence, avoiding arguments, and even asking victims for help "clearing things up." The next phase involves fake "proof" a fabricated email or Discord message posing as official Reddit correspondence, complete with a ticket number, legal threats, and a countdown to suspension. Some versions redirect victims to a fake Reddit moderator or employee on Discord. The final step is the request for a verification code. The scammer claims a Reddit "supervisor" needs it to confirm the victim’s innocence, then triggers a real login or recovery attempt. When Reddit sends the code to the victim, the scammer uses it to hijack the account, change the password, and lock out the owner. In some cases, victims are coerced into updating their account’s email to one controlled by the attacker, followed by extortion demands such as gift cards to avoid account deletion or misuse. Reddit’s official processes never involve direct contact between reported users or verification via unsolicited messages. Appeals are handled internally, with no detours to personal Discord accounts. The scam exploits urgency and trust, but basic precautions keeping verification codes private, refusing email changes for strangers, and enabling two-factor authentication can neutralize it. Users who lose access should rely on Reddit’s official recovery tools at reddit.com.
INCIDENT DETAILS -
TYPE
Social Engineering Scam
MOTIVATION
Account Hijacking, Extortion
IMPACT
Data Compromised: Account credentials, verification codesSystems Affected: User accounts on Reddit and DiscordOperational Impact: Account lockouts, unauthorized accessBrand Reputation Impact: Potential erosion of user trust in platform securityIdentity Theft Risk: High (account hijacking, email changes)
DATA BREACH
Type Of Data Compromised: Account credentials, verification codesSensitivity Of Data: High (account access, personal communication)Personally Identifiable Information: Potentially (account details, email addresses)
JUNE 2026
776Before Incident
MAY 2026
773Before Incident
APRIL 2026
773Before Incident
MARCH 2026
772Before Incident
FEBRUARY 2026
771Before Incident
JANUARY 2026
770Before Incident
DECEMBER 2025
769Before Incident
NOVEMBER 2025
768Before Incident
OCTOBER 2025
768Before Incident
SEPTEMBER 2025
767Before Incident
AUGUST 2025
766Before Incident
MAY 2025
781Before Incident
Cyber Attack
01 May 2025Reddit, Inc.
Reddit: Alleged Scattered Spider hacker extradited to the United States

U.S.-Estonian Teen Extradited in Scattered Spider Hacking Case

762After Incident
CRITICAL-19
RED1782988216
U.S.-Estonian Teen Extradited in Scattered Spider Hacking Case A 19-year-old dual U.S. and Estonian citizen, Peter Stokes known online as "Bouquet," "Spencer," and "Jordan" has been extradited to the U.S. to face charges tied to his alleged role in the Scattered Spider hacking collective. Stokes was arrested in Finland on April 10 after attempting to board a flight to Japan at Helsinki Airport. Court documents accuse Stokes of participating in at least four major breaches, including a March 2023 attack on an online communication platform when he was just 16 years old. Among the victims was an unnamed multibillion-dollar luxury retailer, targeted in May 2025 through a social engineering scheme. Hackers posed as employees to trick the company’s IT helpdesk into resetting credentials, gaining access to administrator accounts. Though the group demanded an $8 million ransom claiming to have stolen 100GB of data the company refused to pay, incurring over $2 million in operational and remediation costs. Stokes faces charges of fraud, conspiracy, and computer intrusion following his court appearance in Chicago on Tuesday. He remains in custody. Scattered Spider, also tracked as 0ktapus, Octo Tempest, and UNC3944, is a loosely organized hacking group active since 2022, primarily composed of teenagers and young adults from the U.S. and U.K. The collective is notorious for social engineering, MFA bombing (MFA fatigue), and SMS phishing to steal credentials and deploy ransomware. Prosecutors allege they use tools like the Genymobile Android emulator and have deployed the DragonForce encryptor in attacks on U.K. retailers. The group’s high-profile victims include Caesars, MGM Resorts, Riot Games, DoorDash, Reddit, MailChimp, Twilio, Allianz Life, Transport for London (TfL), Co-op, Marks & Spencer, Harrods, WestJet, and Jaguar Land Rover. According to the U.S. Department of Justice, Scattered Spider has been linked to over 100 network intrusions, resulting in more than $100 million in ransom payments and millions in additional damages. The FBI’s Cyber Division has highlighted the group’s disruptive impact on critical operations across multiple industries.
INCIDENT DETAILS -
TYPE
ransomwaredata breachsocial engineering
MOTIVATION
financial gaindata exfiltration
IMPACT
Financial Loss: $2 million (operational and remediation costs)Data Compromised: 100GB of data claimed to be stolenOperational Impact: Disruptive impact on critical operations
DATA BREACH
Data Exfiltration: Yes (100GB claimed)
FEBRUARY 2023
801Before Incident
Breach
01 Feb 2023Reddit, Inc.
Reddit, Inc.

Reddit Data Breach

758After Incident
MEDIUM-43
RED55725623
A breach on Reddit gave hackers access to its internal business systems, where they were able to seize documents and source code. According to the business, the hackers pretended to be its intranet site in order to ensnare Reddit employees with a phishing bait. This website attempted to steal the two-factor authentication tokens and employee login information. The threat actor was able to infiltrate internal Reddit systems to take data and source code after one employee fell for the phishing scam. Reddit reports that the stolen data includes limited contact information for business contacts as well as for current and former workers after looking into the matter. The data also contained some information regarding the firm's advertisers, but no access was made to credit card numbers, passwords, or ad performance.
INCIDENT DETAILS -
TYPE
Data Breach
MOTIVATION
Data Theft
IMPACT
Limited contact information for business contactsLimited contact information for current and former workersInformation regarding the firm's advertisersInternal business systems
DATA BREACH
Limited contact information for business contactsLimited contact information for current and former workersInformation regarding the firm's advertisers
JUNE 2007
802Before Incident
Breach
16 Jun 2007Reddit, Inc.
Reddit, Inc.

Reddit Data Breach

759After Incident
LOW-43
RED239080425
The California Office of the Attorney General reported that Reddit, Inc. experienced a data breach on June 14, 2018. The breach involved compromised account credentials from 2007, specifically usernames and salted password hashes. The breach affected an unknown number of users, and the report was published on September 4, 2018.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
usernamessalted password hashes
DATA BREACH
usernamessalted password hashesNumber Of Records Exposed: Unknown

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Reddit, Inc. ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in June 2026 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in May 2026 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in April 2026 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in March 2026 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in February 2026 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in January 2026 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in December 2025 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in November 2025 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in October 2025 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in September 2025 ?
?
What was Reddit, Inc.'s A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Reddit, Inc.'s A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Reddit, Inc. ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Reddit, Inc.'s profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?