Reddit has been thecenter of attentionduring the past few weeks, because it is changing its API rules and adversely affecting third-party apps in the process. A few of the big apps haveannounced shutdowns, and several majorsubreddits have gone dark in protest. Now, we are learning of a hacker group threatening to leak 80GB of confidential Reddit data unless the company rolls back the API changes and coughs up a ransom.
A group of bad actors collectively known as ALPHV and infamous for the BlackCat ransomware have claimed responsibility for amajor Reddit breachthe company acknowledged in February this year. This group was also in the news fortargeting Western Digitaland Amazon’s surveillance hardware brandRing in March. ALPHV claims to have stolen around 80GB of compressed data from Reddit systems during the attack, and is now threatening to leak it (viaBleepingComputer).
The hackers are holding the data at ransom, and their demands seem simple: Reddit must roll back the API changes and cough up $4.5 million. In posts on the dark web, ALPHV says it contacted Reddit on April 13 and again on June 16, but to no avail. The group also mocked Reddit CEO Steve Huffman, also known as /u/spez. This is a traditional ransomware attack, except Reddit’s systems are still fully operational and the hackers didn’t lock them out.
I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data.
Pass on the torch, Spez, you’re no longer cut out for this kind of work.
A Reddit spokesperson did not respond toTechCrunch’s requestfor comment, but confirmed that ALPHV’s threat is based on the February data breach. At the time, Reddit reassured everyone that no customer data, banking information, and user passwords were compromised. The hackers only gained access to internal documents and code running the website.
The hacker’s claims and demands are bold, but they also haven’t shown proof of having the stolen data. It remains to be seen if Reddit will roll back the API changes, whether as a part of caving in to ALPHV’s demands, or otherwise.
