Saturday, March 2, 2024

Reddit hacker demands $4.5M and a change to new API rule

Ransomware group BlackCat has claimed responsibility for a cyberattack on Reddit in February and is now demanding a $4.5 million payment to prevent it from publishing 80GB of data that it claims to have stolen from the site.

But that’s not all: the group, which is also known as ALPHV, is insisting that Reddit also reverse the API price changes that have recently caused so much controversy.

In a message posted by the group this week, the perpetrator said: “We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took … In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence.”

Several days after it learned of the February incident — described by Reddit as a “sophisticated and highly targeted” phishing attack — a spokesperson for Reddit confirmed that hackers had accessed some of the site’s internal documents, dashboards, code, and business systems. Data linked to former employees, company contracts, and some advertisers was also accessed. Passwords and other data connected to user accounts were not thought to have been compromised, Reddit said at the time.

BlackCat also wants Reddit to abandon its move to start charging third-party apps for API access, which could potentially cost some developers millions of dollars annually and force a number of popular ones to shut down. Many subreddits have been protesting about the changes, but Reddit’s top team seems intent on sticking to its plan.

BlackCat emerged in November 2021 and by July 2022 had compromised more than 100 organizations, according to Security Week. The group appears to have been quite active recently, too, launching an attack on Western Digital in March that apparently saw 10 terabytes of data stolen, while it also recently threatened to release data allegedly stolen from Amazon-owned video doorbell company Ring.
