Reddit hackers issue ransom demands for cash and API changes
Amidst the Reddit API revolt, a hacking group has gained access to 80GB of sensitive internal documents and is demanding $4.5 million from the social media giant.
BlackCat, a hacking group, is reportedly holding 80GB of confidential data that it allegedly managed to access after a phishing scam in February. The phishing scheme gave the group access to a staff member's phone.
BlackCat's demands include a $4.5 million payout and a reversal of the API changes; otherwise, the group says it will begin to leak the data online. It doesn't appear that BlackCat has any user data, but the CTO of Reddit, Christopher Slowe, listed what was stolen in a confirmation post:
“The attacker gained access to some internal docs, code, as well as some internal dashboards and business systems.
“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
BlackCat has been around under different guises, with the group previously linked to the Western Digital hack, which took down the My Cloud service. On top of this, BlackCat’s methods have been linked to a similar hack that saw League of Legends source code go up for auction on the black market.
BlackCat ALPHV group now demands Reddit API changes on top of $4.5 million
The group, also known as ALPHV, claims to have been in contact with Reddit on two different occasions. However, they never received any answers, and are now demanding the cash and API changes to prevent the data from being posted online.
BlackCat's demands for the API are a new addition to the ransom, following Reddit's new changes to how it shares data with third parties. Those changes have led apps like Apollo to shut down, as they wouldn't be able to afford the $20 million fee for pulling in data. Subreddits are currently protesting the changes with planned blackouts, or reopening with new John Oliver-themed rules.
Reddit’s CEO has doubled down on the changes, and some moderators are claiming they’ve been forced to open due to threatening messages.