Reddit Hackers Turn Hacktivists: Threaten To Leak Stolen Data After Failing To Sell On Black Market

Reddit was hacked in February this year. Back then, the platform immediately disclosed the data breach and even indicated what was most likely accessed and stolen during the digital heist. It appears the hackers are now trying to portray themselves as hacktivists.

The BlackCat (ALPHV) ransomware gang managed to breach Reddit servers using a phishing attack earlier this year. The group claims it has about 80GB worth of sensitive data and is now threatening to leak the data unless Reddit rolls back the API pricing changes and pays the money demanded.

BlackCat Ransomware Behind Reddit Hack

The ALPHV ransomware operation, infamous as BlackCat, has claimed it successfully hacked Reddit on February 5, 2023. On February 9th, Reddit disclosed that its systems were hacked on February 5th. The platform indicated that an employee fell victim to a phishing attack, leading to the hackers stealing some data.

The ALPHV ransomware gang gained access to Reddit's systems and steal internal documents, source code, employee data, and limited data about the company's advertisers. "After successfully obtaining a single employee's credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems," stated Reddit.

"We show no indications of a breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data)," the platform assured users. Additionally, production systems were not breached, and no user passwords, accounts, or credit card information were impacted.

BlackCat Wants Ransom And Rollback Of API Pricing Changes

In a "Reddit Files" post on BlackCat's data leak site, the threat actors claim to be in possession of 80 GB of compressed data. In the post, the group threatened that it plans on leaking the data.

BlackCat claims it attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the data to be deleted but did not receive a response.

"I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data," threatened the ransomware operation.

"But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took. Did you know they also silently censor users? Along with artifacts from their GitHub!"

It is interesting to note that the BlackCat has also demanded Reddit rollback the controversial API pricing policy changes that will soon be enforced. This demand is in addition to the $4.5 million.

Strangely, despite being a ransomware group, BlackCat did not encrypt devices in this attack. In other words, Reddit is operational. Needless to say, hundreds of subreddits continue to remain inaccessible due to the ongoing protest.