Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom demand – and reverses its controversial API price hikes, TechCrunch reported.

According to TechCrunch, in a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data from Reddit during a February breach of the company’s systems.

Reddit spokesperson Gina Antonini declined to answer TechCrunch’s questions, but confirmed that BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9. At the time, Reddit CEO Christopher Slowe, or KeyserSosa, said that hackers had accessed employee information and internal documents during a “highly-targeted” phishing attack. Slowe added that the company had “no evidence” that personal user data, such as passwords and accounts, had been stolen.

Bleeping Computer reported that on February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack.

According to Bleeping Computer, the phishing attack allows the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.

As first spotted by Dominic Alvieri and shared with Bleeping Computer, the ALPHV ransomware operation, more commonly known as BlackCat, now claims to be behind the February 5th cyberattack on Reddit.

In a “Reddit Files” post on the gang’s data leak site, the threat actors claim to have stolen 80 GB of compressed data from the company during the attack and now plan on leaking the data.

The threat actors say they attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the data to be deleted but did not receive a response.

Bleeping Computer posted a screenshot of the information from ALPHV. Here are some:

“…I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data.

“But I am very happy to know that the public will be able to read about the statistics they track about their users and all the interesting confidential data we took. Did you know that they also silently censor users? Along with artifacts from their GitHub!”

Engadget reported that BlackCat captured information through a scheme that saw employees receive “plausible sounding prompts” to visit a website designed just like Reddit’s intranet gateway. One individual fell for the trick, allowing hackers to steal their login details and second-factor tokens. The person then self-reported their mistake, and it’s believed that the security breach didn’t compromise Reddit users’ personal information.

In my opinion, this entire problem could have been avoided if the employee had taken a moment to consider whether they were facing a phishing attack. This makes me wonder if Reddit did not bother to teach their workers not to click links in any email they receive.

At midnight on Tuesday, the moderators of the Reddit community r/Gaming decided to go dark, CNBC reported. Dac Croach, who goes by the username Dacvack, and the subreddits’s other leaders hit the private button, initiating a 48-hour shutdown for the group’s more than 37 million members, along with anyone else who tried to access the community.

They were joining a large-scale protest against Reddit, which was about to implement a business change that would dramatically increase the price for third-party developers to use the company’s application programming interface, or API. In the preceding days, the r/Gaming moderators had run a poll indicating that users would support a shutdown. They discussed the results on Slack, and then went offline.

According to CNBC, the widespread protest of one of the internet’s most-trafficked sites started early this week and quickly expanded to more than 8,000 subreddits, including the widely popular r/Funny, with over 40 million members, along with r/Music and r/Science, each boasting over 30 million users.

Techradar reported that Reddit’s CEO wants to bring an end to the Reddit Blackout, but not by agreeing to reverse the company’s upcoming API changes. Instead, he has suggested that users should be able to vote out the moderators leading the protest that’s keeping large chunks of Reddit in the dark.

Thanks to the blackout, Reddit (and by extension Google) feels like a shell of itself for many users. The initially two-day-long protest has been extended by many of its subreddit communities, with 4,906 still set to private or restricted – including Reddit’s largest community r/Funny. While private users are unable to post or read content from the subreddit, restricted subreddits have merely banned new posts (but old posts can still be read).

TechCrunch reported that Reddit CEO Steve Huffman is not backing down amid protests against API changes made by the platform. In interviews with The Verge, NBCNews, and NPR, Huffman defended business decisions made by the company to charge third-party apps saying the API wasn’t designed to support these clients.

According to TechCrunch, the Reddit co-founder also talked about protesting moderators, changing site rules, and profitability in these interviews. The platform is facing one of its strongest backlashes from the community, but the CEO seemingly doesn’t want to budge.

In response to Huffman’s comments, TechCrunch reported, that moderators are trying to find ways to make blackouts effective. Alternatively, some communities are also setting up servers on alternative sits like Lemmy and Kibn.

NPR reported that Reddit, which was founded in 2005, has long relied on advertising. It, along with peer social media platforms Facebook, Instagram, Snap, YouTube and others, has been dealing with a slowdown in digital ad spending, which has pressured the companies to find new ways to generate revenue.

Personally, I think that the people who participated in the blackout are not going to back down. The longer the protest lasts, the less likely that companies who want to place ads in Reddit will choose to do that. I think the CEO probably made a big mistake when he jacked up the price for third-party Reddit apps.

The popular online forum Reddit experienced outages hours after thousands of Reddit communities launched a protest against its policy to charge third-party apps for data access, NBC News reported.

“A significant number of subreddits shifting to private caused some unexpected stability issues, and we’ve been working on resolving the anticipated issue,” Reddit said in a statement to NBC News.

During an outage Monday morning, the website’s front page showed empty Reddit posts with the message: “Something went wrong. Just don’t panic.” Users were unable to load posts on it until the platform resumed working again.

According to NBC News, the #RedditBlackout hashtag started trending on Twitter after the blackout began, with more than 4,238 tweets associated with the term as of Monday. Reddit was trending with more than 112,000 searches on the social media platform. Twitter users as early as 9 a.m. noted that Reddit was experiencing technical issues.

One user’s tweet about the Reddit outage received more than 80,000 views within an hour. “Nice to see even Reddit itself getting in on the Reddit Blackout today,”, the user wrote.

The Verge reported that in an internal memo sent Monday afternoon to Reddit staff, CEO Steve Huffman addressed the recent blowback directed at the company, telling employees to block out the “noise” and that the ongoing blackout of thousands of subreddits will eventually pass.

The Verge received a copy of an internal memo sent Monday afternoon to Reddit staff. Here is part of the memo:

“…Starting last night, about a thousand subreddits have gone private. We do not anticipate many of them will come back by Wednesday, as many have said as much. While we knew this was coming, it is a challenge nevertheless and we have our work cut out for us. A number of Snoos have been working around the clock, adapting to infrastructure strains, engaging with communities, and responding to the myriad of issues related to this blackout. Thank you team.

We have not seen any significant revenue impact so far and we will continue to monitor.

There’s a lot of noise with this one. Among the noisiest we’ve seen. Please know that our teams are on it, and like all blowups on Reddit, this one will pass as well. The most important things we can do right now are to stay focused, adapt to challenges, and keep moving forward. We absolutely must ship what we said we would. The only long term solution is improving our product, and in the short term we have a few upcoming critical mod tool launches we need to nail…

…I am sorry to say this, but please be mindful or wearing Reddit gear in public. Some folks are really upset, and we don’t want you to be the object of their frustrations…”

In my opinion, this memo is a bit shortsighted. The CEO thinks that this will blow over and things will go right back to “normal”. Based on the sheer number of subreddits that have gone private, it appears that many people are not thrilled with Reddits’ decisions right now. As such, I think the private subreddits could stay private for a long time.

The version of Reddit we’ll see over the next few days may be a shell of itself. More than 100 subreddits have already gone dark, and thousands more plan to follow in protest of Reddit’s coming API changes, according to the website Reddark, which is tracking the protests, The Verge reported.

The protests are happening over API changes that will force many third-party apps, like Apollo and rif is fun for Reddit, to shut down. Frustration was already brewing in the community as developers began reacting to the changes this week, but Reddit CEO Steve Huffman’s responses in recent days have only escalated the community’s pushback.

The Verge also reported that most of the subreddits have pledged to go private – preventing outside access – for 48 hours, though some, like the 26 million-member community r/videos, have said they’ll remain private indefinitely. According to this post on r/ModCoord, protests will end when Reddit addresses issues with the API, improves accessibility for blind people, and creates “parity in access to NSFW content.”

The Guardian reported that some of the largest communities on Reddit will lock their doors in protest at the social news site’s decision to try and monetise access to its data.

More than 3,000 subreddits have joined the protest, and will go “private” on Monday, preventing anyone outside the community from seeing their posts.

According to The Guardian, forums such as r/todayilearned, r/funny and r/gaming, with more than 30 million subscribers apiece, have signed up to join the campaign, while others with 1 million plus members, including r/iPhone and r/unexpected, have already closed their doors in anticipation of the strike.

The protest is over a set of forthcoming changes to the site’s “API”, which lets other companies use reddit data in their own products and services.

The changes will introduce huge charges for “premium access”, effectively killing off popular third-party Reddit apps such as Apollo, which let users browse the site with a customizable interface.

Reddark appears to be keeping track of subreddits that are going dark or read-only on June 12th and after. You can scroll through Reddark to see which ones are going dark. Above the list of subreddits, it says “5497/7047 subreddits are currently dark.”

Mashable reported that CEO and co-founder of Reddit Steve Huffman stated: “Reddit needs to be a self-sustaining business, and to do that, we can no longer subsidize commercial entities that require large-scale data use.”

Personally, I am in favor of the Reddark protest. The CEO appears to be interested in selling the data created by Reddit users, and wants to price-out the app makers. Thousands of subreddits going dark is a good way to do a protest. If no one posts anything on Reddit, the CEO won’t get any new data to steal and sell.