Hackers are threatening to launch confidential knowledge stolen from Reddit until the corporate pays a ransom demand – and reverses its controversial API worth hikes.
In a put up on its darkish internet leak web site, the BlackCat ransomware gang, also called ALPHV, claims to have stolen 80 gigabytes of compressed knowledge from Reddit throughout a February breach of the corporate’s programs.
Reddit spokesperson Gina Antonini declined to reply TechCrunch’s questions however confirmed that BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9. At the time, Reddit CTO Christopher Slowe, or KeyserSosa, stated that hackers had accessed worker info and inside paperwork throughout a “highly-targeted” phishing assault. Slowe added that the corporate had “no evidence” that non-public person knowledge, similar to passwords and accounts, had been stolen.
Reddit didn’t share any additional particulars in regards to the assault or who was behind it. However, BlackCat over the weekend claimed duty for the February intrusion and threatened to leak “confidential” knowledge stolen through the breach. It’s unclear precisely what forms of knowledge the hackers have stolen, and BlackCat hasn’t shared any proof of information theft.
BlackCat was additionally linked to a March assault on Western Digital that noticed hackers steal 10 terabytes of information from the corporate, together with reams of buyer info. That identical month, the gang additionally threatened to leak knowledge allegedly stolen from Amazon-owned video surveillance firm Ring.
In a put up revealed on Saturday, titled “The Reddit Files”, BlackCat says it contacted Reddit twice – as soon as on April 13 and once more on June 16 – however didn’t obtain a response. “I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data,” BlackCat wrote. “We expect to leak the data.”
The hackers say they’re demanding $4.5 million in alternate for deleting the stolen knowledge and for Reddit to withdraw its API pricing modifications.
Reddit’s new API pricing plans have been the topic of a lot controversy in latest weeks: in style third-party Reddit app Apollo has introduced it’s closing down on account of the brand new pricing, and thousands of subreddits final week went darkish in protest of the brand new API coverage – some, together with r/music and r/movies, indefinitely.
When requested by TechCrunch, Reddit declined to say whether or not it plans to answer BlackCat’s calls for.
Reddit skilled a extra critical knowledge breach in 2018 that noticed attackers entry an entire copy of Reddit knowledge from 2007. This included usernames, hashed passwords, emails, public posts and personal messages.