80GB Of Sensitive Reddit Data may be compromised if the company does not comply with the hackers’ ransom demand and roll back their recent API fee increases.
The BlackCat ransomware gang, also known as ALPHV, has made a claim on its dark web leak site that it obtained 80 gigabytes of data that had been compressed from Reddit during a breach of the company’s systems that occurred in February.
Reddit spokesperson Gina Antonini declined to answer TechCrunch’s inquiries, although she did acknowledge that BlackCat’s accusations pertain to a cyber incident that was reported by Reddit on February 9. During that time period, the CTO of Reddit, Christopher Slowe, also known as KeyserSosa, stated that hackers had gained access to employee information as well as internal documents through a “highly-targeted” phishing attack. Slowe went on to say that the organization possessed “no evidence” that private user data such as passwords and accounts had been taken.
Related;Reddit CEO lashes out on protests, moderators and third-party apps
Reddit has not disclosed any additional information regarding the hack or the individual or individuals responsible for it. On the other hand, BlackCat made their claim of responsibility for the breach in February over the weekend and promised to reveal “confidential” material that was taken during the attack. It is unknown precisely what kinds of data were taken by the hackers, and BlackCat has not provided any evidence that their data was stolen.
Related;Reddit Goes Down Just As A Site-Wide Protest Against Its Unpopular New API Policy kicks Off
BlackCat was also connected to an attack that took place in March on Western Digital. This attack resulted in the theft of ten gigabytes of data from the company, including a vast amount of client information. During the same month, the gang also made threats to publish data that they had purportedly taken from Ring, a video surveillance firm owned by Amazon.
BlackCat claims in an article that was published on Saturday and headlined “The Reddit Files” that it contacted Reddit twice (first on April 13 and again on June 16) but did not receive a response from the website either time. “I informed them in the very first email that I sent them that I would wait till their IPO came along. However, it looks like the right time to take advantage of this chance! BlackCat stated in their post that they are “very confident that Reddit will not pay any money for their data.” “We anticipate there will be a data leak.”
Related;Here’s the note Reddit sent to moderators threatening them if they don’t reopen
The hackers have made it clear that they want $4.5 million in exchange for erasing the data they obtained and for Reddit to roll back its API pricing increases.
The new pricing plans for Reddit’s application programming interface (API) have been the subject of much debate in recent weeks: a popular third-party Reddit app called Apollo has announced that it will be shutting down as a result of the new pricing, and thousands of subreddits went dark in protest of the new API policy last week; some of these subreddits have remained dark indefinitely, such as r/music and r/videos.
Reddit refused to comment when questioned by TechCrunch about whether or not it intends to reply to the demands made by BlackCat.
A more catastrophic data breach occurred at Reddit in 2018, during which attackers gained access to a complete copy of Reddit data dating back to 2007. This comprised login names, passwords that had been hashed, e-mail addresses, public posts, and private messages.
Follow our socials Whatsapp, Facebook, Instagram, Twitter, and Google News.
