Hackers steal data, demands $4.5 mn from Reddit and tweaks in API policy

A ransomware gang has claimed responsibility for the cyberattack on Reddit in February and has demanded money and policy changes in exchange for 80GB data stolen from the server

A cyberattack on the online platform Reddit in February was carried out by a group called BlackCat (also known as ALPHV) ransomware gang who is now demanding $4.5 million and for Reddit to not follow through with the new API rules.

According to a report by Bleeping Computer, the ransomware group that has claimed to have stolen this data are the same group responsible for the attack back in February.

The report added that BlackCat stole 80GB of data and has tried to contact Reddit twice, demanding $4.5 million to delete the data. They threatened to leak the data if Reddit didn't pay. Furthermore, they demanded that the platform did not carry through with the new API pricing that is set to start in July and has invoked protests from redditors worldwide.

It is unclear if Reddit responded to their demands. However, in an interview with the Verge, CEO Steve Huffman stated that the API pricing changes were a business decision and the platform was not designed to support third-party apps, therefore, the company would not roll back on its proposed changes.

Phishing attack in February

As previously reported by the Business Standard, the online discussion forum was hacked in February in a “sophisticated, highly-targeted phishing attack.” According to the platform’s chief technology officer, Christopher Slowe, or KeyserSosa, the company was hacked after the attacker managed to obtain a single employee’s credentials and obtain access to internal documents, codes, dashboards and business systems. The phishing attack allowed the hackers to access Reddit's systems and steal internal documents, source code, employee information, and some data about the company's advertisers.

At the time, Slowe wrote in a post that there was no indication that any information of users was not already public. Therefore, user passwords, accounts, and credit card information were not affected. had been accessed but promised to fortify their security skills

Bleeping Computers also reported that BlackCat did not encrypt devices during this attack. Moreover, the same group is believed to be behind a similar attack on Western Digital, causing a major outage to the company's ‘My Cloud’ cloud service in March 2023. Western Digital confirmed the breach and sent data breach notifications to affected customers according to the report.