Back in February, Reddit disclosed a “security incident” that saw attackers gain unauthorized access to “some internal documents, code, and some internal business systems” after the theft of an employee’s credentials via a successful phishing scam.
Now, the ransomware group behind the attack, known as BlackCat/ALPHV, claims to have 80GB of stolen data in its hands, and negotiations with the platform haven’t made any headway.
This, from the same group that is believed to be behind the Western Digital attack in March that saw the company make the decision to take its clouds offline.
Reddit refuses to negotiate with ransomware group
In a post on the gang’s data leak site (via BleepingComputer), the author writes “Operators broke into Reddit on February 5, 2023, and took 80 gigabytes (zipped) of data.”
BlackCat claims to have emailed Reddit on two separate occasions, once in April, and again in June, but “there was no attempt to find out what [the group] took.”
The attack is clearly being used as a vehicle to expose information about Reddit that it may not want users to know, with the post highlighting that the open-source platform “silently censor[s]” users and artifacts from its GitHub. Reddit did not respond to TechRadar Pro’s request to confirm or deny these allegations.
The group’s latest email asks for $4.5 million, for which it will delete the data and remain silent. It also asks that Reddit withdraws its API pricing changes along with its money, or it will be forced to leak the information it has. Put bluntly, the attacker says: “We expect to leak the data.”
Likening Reddit CEO Steve Huffman (whose username on the platform is ‘spez’) to Adam Neumann of WeWork, the author demands: “Pass on the torch, Spez, you’re no longer cut out for this kind of work.”
A Reddit spokesperson directed us to its February announcement about the attacks, which it summarized as follows:
“Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems.”
The company also noted that user accounts and passwords were not accessed and that these are familiar tactics employed by the group that have been witnessed before.