Hackers threaten to leak 80GB of confidential knowledge stolen from Reddit

Hackers are threatening to launch confidential knowledge stolen from Reddit until the corporate pays a ransom demand – and reverses its controversial API value hikes. 

In a put up on its darkish net leak website, the BlackCat ransomware gang, often known as ALPHV, claims to have stolen 80 gigabytes of compressed knowledge from Reddit throughout a February breach of the corporate’s techniques. 

Reddit spokesperson Gina Antonini declined to reply TechCrunch’s questions however confirmed that BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9. On the time, Reddit CTO Christopher Slowe, or KeyserSosa, stated that hackers had accessed worker info and inner paperwork throughout a “highly-targeted” phishing assault. Slowe added that the corporate had “no proof” that non-public person knowledge, resembling passwords and accounts, had been stolen. 

Reddit didn’t share any additional particulars in regards to the assault or who was behind it. Nevertheless, BlackCat over the weekend claimed duty for the February intrusion and threatened to leak “confidential” knowledge stolen throughout the breach. It’s unclear precisely what kinds of knowledge the hackers have stolen, and BlackCat hasn’t shared any proof of knowledge theft. 

BlackCat was additionally linked to a March assault on Western Digital that noticed hackers steal 10 terabytes of knowledge from the corporate, together with reams of buyer info. That very same month, the gang additionally threatened to leak knowledge allegedly stolen from Amazon-owned video surveillance firm Ring.

In a put up revealed on Saturday, titled “The Reddit Recordsdata”, BlackCat says it contacted Reddit twice – as soon as on April 13 and once more on June 16 – however didn’t obtain a response. “I instructed them in my first e-mail that I might wait for his or her IPO to return alongside. However this looks like the right alternative! We’re very assured that Reddit won’t pay any cash for his or her knowledge,” BlackCat wrote. “We count on to leak the info.”

The hackers say they’re demanding $4.5 million in alternate for deleting the stolen knowledge and for Reddit to withdraw its API pricing modifications. 

Reddit’s new API pricing plans have been the topic of a lot controversy in latest weeks: widespread third-party Reddit app Apollo has introduced it’s closing down on account of the brand new pricing, and hundreds of subreddits final week went darkish in protest of the brand new API coverage – some, together with r/music and r/movies, indefinitely. 

When requested by TechCrunch, Reddit declined to say whether or not it plans to answer BlackCat’s calls for. 

Reddit skilled a extra critical knowledge breach in 2018 that noticed attackers entry an entire copy of Reddit knowledge from 2007. This included usernames, hashed passwords, emails, public posts and personal messages.