BlackCat Hackers Threaten Reddit With Huge Data Leak Unless It Rolls Back API Changes

With Reddit somewhat imploding on the cusp of going public, some are taking advantage of the situation. Ransomware gang BlackCat (ALPHV) has recently claimed responsibility for a February attack against Reddit, saying it stole 80GB of data from the social media company.

In early February of this year, hackers from the BlackCat group broke into Reddit through a sophisticated and highly targeted phishing attack. Reddit employees who fell victim to the phishing effectively handed over their login credentials and second-factor tokens, allowing the attackers to access “internal docs, code, as well as some internal dashboards and business systems.” At that time, the amount of data accessed or taken was downplayed, and it was reported that the data had not yet made its way onto the internet.

This week, though, BlackCat (ALPHV) came forward and claimed the February attack, saying the group made off with 80GB of files. Reportedly, the group attempted to contact Reddit in April and June with demands of $4.5 million for the deletion of data and silence. However, in the latest email, the group now demands that Reddit “also withdraw their API pricing changes along with our money or we will leak [the data].”

At this point, the group is seemingly expecting and ready to leak the data, which might include user tracking data, confidential business information, potential evidence of censorship, and GitHub artifacts. Of course, this might also be hyperbole and overstating the actual value of the data for "excitement" purposes.

At the end of the day, this threat of data leakage is partially in response to Reddit’s API changes, which came at a rather convenient time. While the threat actors could have waited for Reddit’s IPO, there are now many eyes on the situation, and adding this to the pile could be rather detrimental. We will have to wait and see what happens next with the leaks, so stay tuned as we wait for possible file samples or a full leak to cover.