Reddit hackers threaten to release stolen information if demands are not met
In February, Reddit was hacked by the BlackCat ransomware gang, who allegedly stole 80GB worth of data from the company. The group gained access to Reddit’s system on February 5th through a phishing attack that an employee fell for.
Reddit confirmed their systems were hacked on February 9th and the hackers had access to internal documents, employee data, source code as well as limited information about the company’s advertisers.
Though the hackers had access to the system, Reddit claims there was no indication of an attack on the primary production system. This means the hackers didn’t have access to user passwords, credit card information, or account details, because they were part of a different stack.
Reddit did not share many details about the attack but they said there were similarities with the phishing attack on Riot Games.
The attack on Riot Games was pretty damaging since the hackers had access to League of Legends and Teamfight Tactics source code. The hackers also had access to Riot Games' Packman legacy anti-cheat platform and demanded $10 million not to leak the stolen data. Riot Games ignored the ransom demand, forcing the hackers to try and sell the data for $1 million on a hacking forum.
BlackCat claim responsibility for the Reddit hack
In a move similar to Riot Games, Reddit has decided to ignore the ransom demand based on an email from the hacking group. BlackCat hackers claim to have emailed Reddit twice on April 13th and June 16th with no response. They were demanding $4,5 million to keep their mouths shut and delete the data.
BlackCat is confident Reddit will not meet This made the group threaten to leak data on statistics Reddit uses to track users as well as other confidential data. In addition to money, BlackCat also demanded Reddit to backtrack their new plans of charging for API access.
While BlackCat is notoriously known for ransomware attacks, they did not encrypt Reddit devices during the February attack. Reddit is yet to comment about the BlackCat post which was published on their data leak site known as ALPHV.
The group is also believed to be behind a similar attack on Western Digital earlier in March, which took the company's My Cloud service down. While the group behind the Western Digital attack claimed to have no name, they leaked the data on ALPHV which is mainly associated with the BlackCat group.