Hackers have threatened to leak approximately 80 GB of confidential data stolen from Reddit unless the company pays a ransom demand and reverses its recent controversial API price hikes. Explore more.
The BlackCat ransomware gang, also known as ALPHV, claims responsibility for the breach that occurred in February.
In a post on their dark web leak site, the hackers stated that they had successfully breached Reddit’s systems and stolen compressed data during a highly-targeted phishing attack. While Reddit confirmed the cyber incident in February, they did not provide further details regarding the attack or the identity of the perpetrators.
Although Reddit stated that they had no evidence of personal user data being compromised, BlackCat recently threatened to leak the confidential data they allegedly obtained during the breach. However, the specific types of stolen data have not been disclosed, and the hackers have not provided any evidence to support their claims.
It’s worth noting that BlackCat was also involved in a separate attack on Western Digital in March, during which they stole 10 terabytes of data, including customer information. The group also claimed responsibility for stealing data from Ring, an Amazon-owned video surveillance company.
Must read: Reddit Blackout: Subreddits to Go Private on Monday.
In a post titled “The Reddit Files,” BlackCat revealed that they had contacted Reddit twice but received no response. They stated their demand for a $4.5 million ransom in exchange for deleting the stolen data and for Reddit to reverse its API pricing changes, which have caused significant controversy in recent weeks.
The new API pricing plans have led to the closure of the popular third-party Reddit app Apollo and the temporary shutdown of numerous subreddits in protest.
When questioned about their response to BlackCat’s demands, Reddit declined to comment. It’s worth noting that Reddit experienced a significant data breach in 2018, where attackers gained access to a complete copy of Reddit data from 2007. The breach exposed usernames, hashed passwords, emails, public posts, and private messages.
The situation raises concerns about the security and protection of confidential user data on popular platforms like Reddit. It highlights the ongoing challenges companies face in safeguarding user information and the increasing sophistication of cybercriminals. As the situation unfolds, it remains to be seen how Reddit will respond to the hackers’ demands and mitigate the potential impact of a data leak.
