In a worrying move, hackers have given a severe ultimatum to Reddit, threatening to release 80GB of critical data unless they get a ransom payment and the platform’s recent API pricing increases are reversed. In a recent disclosure on a dark web leak site, the BlackCat ransomware organization, also known as ALPHV, claimed responsibility for the February breach that resulted in the theft of compressed data from Reddit’s computers.
The company’s CTO, Christopher Slowe (also known as KeyserSosa), revealed that the breach was made possible by a highly targeted phishing assault during the initial cyber incident that was reported by Reddit on February 9. Internal papers and employee information were hacked, however there was no concrete proof that passwords or other personal user information had been compromised.
Reddit braces for potential breach by BlackCat hackers
While BlackCat brazenly emerged over the weekend, confessing their role in the February incursion and stating their goal to publish “confidential” material stolen during the hack, Reddit has refrained from providing additional details about the breach or the perpetrators behind it. The particular nature of the data that was stolen is still unknown, and BlackCat has not provided any supporting documentation for its theft claims.
Notably, BlackCat has recently been connected to other famous hacks. The organization was able to effectively breach Western Digital in March and take 10 gigabytes of data, including a significant amount of customer data. The group also threatened Ring, a firm that makes video surveillance equipment and is owned by Amazon, claiming to have stolen data from their systems.
BlackCat said that they had contacted Reddit twice, on April 13 and June 16, but had not heard back on either occasion in a piece titled “The Reddit Files,” which was posted on Saturday. BlackCat expressed their displeasure and explained their intentions, saying they were sure Reddit would not accede to their requests, which included a hefty $4.5 million ransom in exchange for the deletion of the stolen data and the undoing of Reddit’s API pricing changes.
Reddit declined to reply
Reddit’s recent changes to its API pricing options have generated a great deal of debate and had far-reaching effects. Notably, a well-known third-party Reddit app called Apollo has indicated that it will soon shut down as a direct result of the new price scheme. In addition, many subreddits, including well-known ones like r/music and r/videos, protested the new API policy by briefly going dark, and some of them did so forever.
Reddit declined to reply when asked about their response to BlackCat’s demands, keeping their course of action a secret.
It is important to note that Reddit suffered a more serious data breach in 2018, during which attackers had access to an exact replica of Reddit data going back to 2007. Various user data, including usernames, hashed passwords, emails, public postings, and private messages, were compromised as a result of this incident.
By the way, The Redditors’ revolt has begun…
Featured image credit: Brett Jordan from Pexels.
