Data leak
CPO Magazine / CSHub / SecurityWeek
Primary Source
Incident Details
The attacker sent a convincing phishing email mimicking Reddit IT and tricked an employee into entering credentials and TOTP codes in real time on a fake login page. The attacker accessed internal documents, dashboards, business systems, Jira, source code, employee and contractor contact information, and advertiser data. ALPHV/BlackCat claimed responsibility in June 2023, claimed that 80GB had been stolen, and demanded a $4.5M ransom plus withdrawal of API pricing changes. Reddit refused to pay. There is no evidence that production systems or user passwords were compromised.
Technical Details
- Initial Attack Vector: CWE-1021: Improper Restriction of Rendered UI (targeted spear-phishing with real-time TOTP relay against single employee)
- Vendor / Product: Reddit internal systems
Timeline
- 2023-02-05 Breach occurred
- 2023-02-09 Publicly disclosed
- 2023-02-09 Customers notified