Reddit hacked! Hackers threaten to make private data public if company doesn’t roll back API changes
As the Reddit crisis spreads, a group of hackers are reportedly threatening to make stolen data public if their ransom demand is not fulfilled. The hackers had stolen confidential data back in February. They have demanded that the company roll back the API changes that they have announced in exchange for the deletion of the stolen data; otherwise, the group has threatened to release the data.
Reportedly, through a post on the dark web leak site, the BlackCat ransomware gang, which is also known as ALPHV, has asserted that they have stolen 80 gigabytes of compressed data from the platform. They claimed to have stolen it back in February during a breach of the company’s systems. A report by TechCrunch asserts that the Reddit spokesperson, Gina Antonini, has confirmed the incident that unfolded on February 9, 2023. At that time, the CTO of Reddit, Christopher Slowe, claimed that the hackers had accessed internal documents and employee information, and all of this took place during a “highly-targeted” phishing attack. However, as per reports, the CTO has stated that the company did not have any proof that sensitive data like passwords and accounts had been stolen.
Though the company did not share any details about this data breach, BlackCat has claimed responsibility for the cyber breach that happened in February and has threatened to leak the data unless they are not paid the requested amount and the API changes are not called off. However, it continues to be unclear what sort of data was stolen.
This group of hackers was responsible for a March attack on Western Digital systems, where the hackers stole 10 terabytes of data from the company. This includes enormous amounts of customer information. The gang was engaged in a negotiation for a ransom (reportedly a minimum of eight figures) for not publishing the stolen data. In the same month, the gang also threatened to leak data that they allegedly stole from Ring, an Amazon-owned video surveillance company.
As per the reports, in the post titled “The Reddit Files” that was published by BlackCat over the weekend, the group claims that it had contacted Reddit on April 13, 2023, and then again on June 16, 2023. However, the gang did not receive any response from the company. The gang wrote, “I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. We expect to leak the data.”
Recently, Reddit announced changes in their API pricing, which was available for free until now. Because of the free Reddit API, any developer building an application can request data and use it to build their app seamlessly and for free. Further, a developer can build an app with its own interface and then use Reddit to populate it. This can be done by using things like subreddit information, posts, or user profiles. With such pricing coming onto the scene, it has pushed many third-party apps like Apollo to shut down before the pricing came into effect. Due to this, redditors came together to revolt against these changes. Many communities went private, meaning that they went dark. Due to this, Reddit’s website temporarily went down.
However, according to the company’s recent blog post, Reddit has claimed that 80% of the communities are back online. In regards to the stolen data, the hackers have demanded a ransom of $4.5 million, along with rolling back the API pricing, in exchange for deleting the stolen data.