Reddit, the popular social media platform, is grappling with a ransom threat from a hacking group known as BlackCat, also referred to as ALPHV.
The hackers claim to have stolen approximately 80 gigabytes of compressed data during a breach that occurred in February this year. They have threatened to release the confidential information unless Reddit pays a ransom and rolls back its controversial API price increases.
The breach, confirmed by Reddit’s spokesperson Gina Antonini, involved a highly-targeted phishing attack that compromised employee information and internal documents. However, Reddit stated at the time that there was no evidence of personal user data, such as passwords and accounts, being stolen.
BlackCat, the ransomware gang responsible for the attack, has now taken responsibility for the intrusion and has threatened to leak the stolen data, although they have not provided any evidence of the actual theft. The nature of the compromised data remains unknown.
The same hacking group was previously linked to an attack on Western Digital in March, where they stole 10 terabytes of data, including customer information. Additionally, they claimed responsibility for stealing data from Ring, an Amazon-owned video surveillance company.
BlackCat recently posted on a dark web leak site, revealing their attempts to contact Reddit in April and June, but received no response. In their post titled “The Reddit Files,” the hackers demand a ransom of USD 4.5 million in exchange for deleting the stolen data and a rollback of Reddit’s API pricing changes, which have caused controversy within the Reddit community.
Reddit’s new API pricing plans have faced significant backlash, resulting in the closure of popular third-party app Apollo and the temporary shutdown of several subreddits, including r/music and r/videos, in protest against the new API policy.
It is worth noting that this is not the first time Reddit has faced a data breach. In 2018, attackers gained access to a complete copy of Reddit’s data from 2007, including usernames, hashed passwords, emails, public posts, and private messages.
Click Here For The Original Story From This Source.
