Hackers threaten to leak stolen Reddit data if company doesn’t pay US$4.5 million
Reddit’s month could also be going from unhealthy to worse.
Hackers from the BlackCat ransomware gang, often known as ALPHV, are threatening to leak 80 gigabytes of confidential information from Reddit that they declare to have stolen throughout a February breach, based on a submit from the group on the darkish internet, which was reviewed by CNN and an unbiased cybersecurity professional.
In their submit, the hackers declare they first demanded a US$4.5 million payout “for the deletion of the data and our silence” in April. After receiving no response, the group mentioned it adopted up on Friday with a further demand: Reddit ought to withdraw a controversial new pricing coverage that has sparked a protest from a number of the platform’s most influential customers.
Reddit CTO Chris Slowe beforehand posted a couple of safety incident that befell in early February. In the submit, Slowe mentioned the corporate’s “systems were hacked as a result of a sophisticated and highly-targeted phishing attack,” with hackers accessing “some internal documents, code, and some internal business systems.” Only worker information was accessed, based on the submit.
A Reddit spokesperson confirmed to CNN on Monday that BlackCat’s submit pertains to the February incident. The spokesperson reiterated that no consumer information was accessed, however declined to remark past that.
More than 6,000 Reddit boards went darkish final Monday in what was speculated to be a two-day protest over the corporate’s plan to start charging steep charges for some third get together apps to entry its platform. Per week later, greater than 3,500 Reddit boards stay darkish.
While the ransom word seems to help the protestors’ trigger, some consultants are skeptical of BlackCat’s precise motives.
“I suspect that ALPHV doesn’t actually care about the API pricing. They simply want future victims to see how much ongoing harm they can cause to increase the likelihood of them deciding that payment is the least painful option,” mentioned Brett Callow, risk analyst at cybersecurity agency Emsisoft, who reviewed the submit on the darkish internet.
BlackCat, for its half, mentioned it doesn’t count on Reddit to fulfill its calls for.
“We are very confident that Reddit will not pay for its data,” the group wrote within the submit on the darkish internet. “We expect to leak the data.”
