Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom – and reverses its controversial API price hikes, TechCrunch reported.
According to TechCrunch, in a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data from Reddit during a February breach of the company’s systems.
Reddit spokesperson Gina Antonini declined to answer TechCrunch’s questions, but confirmed that BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9. At the time, Reddit CEO Christopher Slowe, or KeyserSosa, said that hackers had accessed employee information and internal documents during a “highly-targeted” phishing attack. Slowe added that the company had “no evidence” that personal user data, such as passwords and accounts, had been stolen.
Bleeping Computer reported that on February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack.
According to Bleeping Computer, the phishing attack allowed the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.
As first spotted by Dominic Alvieri and shared with Bleeping Computer, the ALPHV ransomware operation, more commonly known as BlackCat, now claims to be behind the February 5th cyberattack on Reddit.
In a “Reddit Files” post on the gang’s data leak site, the threat actors claim to have stolen 80 GB of compressed data from the company during the attack and now plan on leaking the data.
The threat actors say they attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the data to be deleted, but did not receive a response.
Bleeping Computer posted a screenshot of the information from ALPHV. Here are some excerpts:
“…I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data.
“But I am very happy to know that the public will be able to read about the statistics they track about their users and all the interesting confidential data we took. Did you know that they also silently censor users? Along with artifacts from their GitHub!”
Engadget reported that BlackCat captured information through a scheme that saw employees receive “plausible sounding prompts” to visit a website designed just like Reddit’s intranet gateway. One individual fell for the trick, allowing hackers to steal their login details and second-factor tokens. The person then self-reported their mistake, and it’s believed that the security breach didn’t compromise Reddit users’ personal information.
In my opinion, this entire problem could have been avoided if the employee had taken a moment to consider whether they were facing a phishing attack. This makes me wonder if Reddit did not bother to teach their workers not to click links in any email they receive.