An independent cybersecurity expert and CNN reviewed a post from the BlackCat ransomware gang, also known as ALPHV. The post said the group had stolen 80 gigabytes of confidential data from Reddit during a February breach and claimed to have accessed it. A cyber-security expert and CNN examined the dark web post, and the group claimed it had stolen 80 gigabytes.
A hacker group in Russia is threatening to release Reddit data if it doesn't pay a ransom demand - as well as reverse the controversial API pricing increases.
According to the hackers, they demand a ransom of $4.5 million and an API price hike from the company. This is if they hope to prevent data release, which was hacked.
It appears that phishing attacks allow threat actors to gain access to the company's systems to steal internal documents, source code, employee data, and a limited amount of information about Reddit's advertising partners.
Reddit spokesperson confirmed that "BlackCat's claims refer to a cyber incident that Reddit confirmed on February 9 as related to BlackCat's claims". During a high-targeted phishing attack carried out at the incident, hackers accessed information about employees and internal documents.
Information about employees and internal documents was accessed through a targeted phishing attack. It is believed that the company was unaware that the passwords or accounts of customers had been stolen.
Reddit provided no further information regarding the attack or the culprits. Nevertheless, over the weekend, BlackCat raised the stakes in the February cyber intrusion, claiming responsibility for it. It threatened to leak the "confidential" information obtained during the attack. BlackCat has not shared any evidence of data theft by the hackers, and it's unclear exactly what type of information the hackers have stolen.
BlackCat has threatened to leak the "confidential" data but there is no sign of what it is supposed to be. They have neither provided evidence of data theft nor evidence to back up their claim.
CTO of Reddit Chris Slowe recently talked about a security incident that happened in February, and he posted about the incident here. Throughout the post, Slowe said that, as a result of a highly targeted and sophisticated phishing attack, the company's "systems were hacked," with hackers gaining access to "some internal documents, code, and some internal business systems." The hackers only obtained employee information, according to Slowe.
In a statement to CNN on Monday, a Reddit spokesperson confirmed that BlackCat's post refers to the incident in February. No user data was accessed, according to the spokesperson, but he refused to elaborate further on the matter.
Several Reddit forums remained dark last Monday during the planned two-day protest. This was intended to highlight the company's plan to charge steep fees for third-party apps to access the company's platform in the future.
There are still more than 3,500 Reddit forums unresponsive a week after the attack happened.
Some experts argue that BlackCat's actual motives are questionable while some are sympathetic to the protestors' cause based on the ransom note.
This is the second Reddit data breach in six years. This time, the attackers could access Reddit data dating back to 2007. A user's username, hashed password, email address, and the content of public posts and private messages were included in that report.
In February, hackers reportedly stole 80GB of data from Reddit and threatened to leak it in three days as part of their threat. In response to the breach, Reddit acknowledged the incident and is actively investigating the matter. A ransom demand has been made by the hackers, who have warned that if they are not paid, the thieves will release sensitive information about their victims.
As of right now, it is impossible to verify the authenticity of stolen data. There are persistent cyber threats that online platforms face daily. This incident reminds us of the importance of robust security measures against such threats. Reddit is striving to improve its privacy and security protocols, and users are advised to remain vigilant at all times.
