Reddit Gets Hacked, Data Held Hostage For Millions Of Dollars

The ransomware hacker group BlackCat vows to release internal Reddit data unless the company pays them $4.5 million.

By Kevin C. Neece

The popular news and social media site Reddit has been the victim of a data breach, and the hackers responsible want $4.5 million in exchange for not releasing the data to the public. According to Kotaku, the hacker group BlackCat has claimed responsibility for a phishing scheme in February that allowed them to steal 80GB of company data, which they are presently holding hostage.

The ransomware group promises to delete the data if their demand is met, while the alternative is that they will release the information publicly.

Reddit has come under fire in recent days for some of its corporate decisions, and this attack appears to be a direct response to the actions the company has taken that have angered many. The controversial move to raise the price of access to its API for third-party apps has those companies, like Infinity and Apollo, crying foul. They claim the increase could make maintaining their functionality cost millions of dollars more per year.

They are not the only ones protesting Reddit’s recent changes, either, with r/gaming, r/anime, and other well-known and popular subreddits protesting the move. These subreddits have gone dark, taking down their content in an effort to persuade the company to change its unpopular and widely criticized new policies. Of course, that move involves only the content the subreddits control and a push for action, not stolen company data and a demand for a huge payout.

BlackCat, also known as ALPHV, claims to have stolen the data, including information about some of the company’s advisors and internal documentation, through a targeted phishing scheme. In February, a Reddit employee reported having been duped by an email that ultimately gave the hacker group access to the information.

According to the company’s founding engineer and CTO, Christopher Slowe, the email used what seemed to be a plausible scenario and a link to a cloned website. The website mimicked Reddit’s intranet gateway, ultimately allowing the hackers access, until the staffer’s report led the company’s security team to shut down the digital interloper’s illegally obtained access.

By then, however, the hackers had already stolen a sizeable swath of information, including source code, advertiser information, and, perhaps most troublingly, employee data. Slowe also stated that the attackers did not access the company’s primary systems.

Those systems include the portions of the stack that are responsible for running Reddit and house the largest percentage of the company’s internal data. So far, he says, this means the hackers do not appear to have gained access to user information, including personal passwords. BlackCat had originally contacted the company privately with only the ransom demand of $4.5 million, but with a warning that the threat would be escalated publicly if Reddit did not comply.

As they have yet to receive their payday from Reddit, the hacker group has now gone public and is further demanding that the company both pay the ransom and withdraw the pricing changes to its API. So far, the company has not responded to the demands, so it remains to be seen how this situation will play out.