The BlackCat ransomware gang, also known as ALPHV, has claimed responsibility for a cyberattack on Reddit in February 2023 — one that saw hackers purportedly steal 80GB of compressed data.
In a post on its leak site over the weekend, the group demanded $4.5 million to delete the information. Capitalizing on the social media site’s recent user backlash, the hackers also ordered Reddit to withdraw its controversial new API pricing policy.
Reddit plans to go public in the near future, and its API pricing policy — aimed at cutting down costs and moving toward profitability — has seemingly alienated a large number of users and sparked online protests.
According to the post, the stolen haul includes data on user statistics and “artifacts” from Reddit’s GitHub repository.
“We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took,” The Reddit Files post reads.
Additionally, BlackCat alleged that Reddit silently censors its users and was highly critical of CEO Steve Huffman. The company’s chief has recently come under fire for the new API pricing that could put several third-party developers out of business.
“Pass on the torch, Spez, you’re no longer cut out for this kind of work,” hackers added.
Hackers Reached Out to Reddit Twice, Expected to Leak Data Soon
In a post titled “The Reddit Files,” the BlackCat group let the world know that it was responsible for breaching Reddit’s IT infrastructure earlier this year. Hackers say they contacted Reddit twice about the breach — on April 13 and June 1. The post’s author claims they informed Reddit in the first email that they would wait until the company’s IPO came along.
However, the company did not respond to the group’s attempted communication. The group demanded $4.5 million to delete the information they stole and to keep the incident out of the public sphere. The author wrote that they were confident Reddit would not pay up, and that they would instead be happy to make the stolen haul public.
“There was no attempt to find out what we took,” BlackCat wrote.
Interestingly, much of the Reddit Files post took aim at CEO Steve Huffman. The author said Huffman was “undermining his own agenda” and, as a final warning, demanded that Reddit withdraw its API pricing policy in addition to paying the sum. The author threatened to leak the files should Reddit fail to meet all their demands.
“He makes an effort to appear tough, but we all know what happens to individuals like him when businesses go public. such as Adam Neumann of WeWork,” hackers wrote.
Reddit Acknowledged Breach in February
While the ransomware group did not go into any details about how it breached Reddit, the company acknowledged the security incident back in February. At the time, Reddit said that malicious actors gained access to an employee’s credentials through a sophisticated phishing attack. The actors used these credentials to access internal docs, code, and other dashboards and systems.
However, the company said it found no traces that the actors breached its operational stack or primary servers. It also said user accounts and passwords were safe.
Interestingly, phishing and social engineering are not a usual part of BlackCat’s playbook. The group is primarily known to operate a Ransomware-as-a-Service (RaaS) business model. This essentially means that the group creates malicious software, sells it to other lesser-skilled cybercriminals over the dark web, and splits the revenue from any successful attack.
We recommend reading up more on Ransomware-as-a-Service, which is a growing threat to individuals and companies, to learn how to protect yourself.
