In a recent turn of events, it was revealed that Reddit fell victim to a targeted phishing scheme in February. This scheme resulted in the exposure of internal documents, dashboards, code, contracts, and some personal information belonging to advertisers, as well as current and former employees. Although none of this data has been made public thus far, that could change soon. BlackCat, a notorious ransomware gang also known as ALPHV, has claimed responsibility for the hack and currently possesses 80GB of compressed data. In a post titled “The Reddit Files,” BlackCat announced its intention to delete the information if Reddit complies with its demands, which include paying $4.5 million and reversing API price increases.
BlackCat executed its plan by sending Reddit employees deceptive prompts that led to a website closely resembling the authentic Reddit intranet gateway. One employee fell for the scheme, unknowingly allowing the hackers to obtain their login details and second-factor tokens. The individual responsibly reported their error, and there is no indication that Reddit users’ personal information has been compromised as a result of this security breach.
Now, several months later, the hackers have emerged publicly, coinciding with widespread protests across the site concerning API price hikes. Interestingly, these are the same price increases that BlackCat is demanding to be undone. The elevated costs have forced popular third-party applications such as Narwhal and Apollo to shut down. Christian Selig, the creator of Apollo, stated that he would need to allocate $20 million per year to sustain his business. Developers are concerned that the removal of third-party apps will result in increased censorship and fewer opportunities for revenue growth through advertisements.
In response to the protests, approximately 8,000 subreddits simultaneously went dark. However, Reddit remains steadfast in its plans, with CEO Steve Huffman stating in an interview with The Verge, “The people who are upset are simply frustrated because they were accustomed to receiving services for free, which will no longer be the case.” Huffman has also suggested implementing easier methods for removing moderators who make unpopular decisions. While Reddit shows no inclination to reverse its decision, some advertisers have chosen to suspend their activities on the site until the blackout comes to an end.
The impact of this recent development on API prices remains uncertain, as Reddit has yet to comment on whether it will meet the hackers’ demands. BlackCat alleges that Reddit ignored its previous attempts to establish contact in April and June, leaving little hope that a public ultimatum will alter the situation. In their post, BlackCat confidently states, “We do not expect Reddit to pay any ransom for their data. Consequently, we anticipate releasing the data to the public.”
Frequently Asked Questions (FAQs) about the hacker threat
What happened to Reddit in February?
In February, Reddit fell victim to a targeted phishing scheme that exposed internal documents, dashboards, code, contracts, and some personal information of advertisers and of current and former employees.
Who is responsible for the Reddit hack?
The ransomware gang known as BlackCat or ALPHV has claimed responsibility for the hack and is demanding a ransom from Reddit.
What information do the hackers possess?
The hackers claim to have 80GB of compressed data, including the stolen internal documents, dashboards, code, contracts, and some personal information.
What are the hackers demanding?
The hackers are demanding $4.5 million from Reddit, as well as reversing the API price increases.
What is the impact of API price hikes?
The API price hikes have led to protests on the site, with popular third-party apps shutting down and concerns about increased censorship and limited ad revenue opportunities.
Has any data been leaked to the public?
As of now, none of the stolen data has been made public, but the hackers have threatened to leak it if their demands are not met.
How did the hackers gain access to the data?
The hackers employed a phishing scheme where employees received deceptive prompts to visit a website resembling Reddit’s intranet gateway. One employee fell for the trick, allowing the hackers to steal login details and second-factor tokens.
Will Reddit comply with the hackers’ demands?
Reddit has not yet commented on whether it will meet the demands. The hackers claim that Reddit ignored their previous contact attempts and are doubtful that a public ultimatum will make a difference.
What is the current status of the situation?
The API prices remain unchanged, and Reddit has shown no signs of reversing its decision. Some advertisers have paused their activities on the site during the ongoing protests. The fate of the stolen data and its potential leak is uncertain.