Hackers from the BlackCat ransomware gang, also known as ALPHV, have threatened to leak 80 gigabytes of confidential data stolen from Reddit during a breach in February, according to a post on the dark web.
In the post, the hackers disclosed that they initially requested a payment of $4.5 million in April in exchange for deleting the data and maintaining their silence. However, after receiving no response, they followed up on Friday with an additional demand: Reddit should withdraw its controversial new pricing policy that has sparked protests from influential users of the platform.
Reddit’s Chief Technology Officer, Chris Slowe, previously acknowledged a security incident in early February, stating that the company’s systems were hacked due to a sophisticated and targeted phishing attack. The hackers managed to access internal documents, code, and some internal business systems. However, Slowe clarified that no user data was breached or compromised.
A spokesperson from Reddit confirmed that BlackCat’s post on the dark web is related to the February incident and reiterated that no user data was accessed. The spokesperson declined to comment further.
Last Monday, over 6,000 Reddit forums went offline as part of a planned two-day protest against the company’s decision to implement high fees for certain third-party apps to access its platform. As of now, more than 3,500 forums remain dark.
While the ransom note seems to support the protestors’ cause, some experts remain skeptical about BlackCat’s true motives. Brett Callow, a threat analyst at cybersecurity firm Emsisoft, believes that ALPHV may not actually care about the API pricing but rather aims to demonstrate the ongoing harm they can cause to pressure victims into paying the ransom.
In response, BlackCat stated that they do not expect Reddit to meet their demands and expressed confidence that they will leak the data as planned.
Source: Read Full Article