Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Android Central
Android Central
Technology
Jay Bonggolto

Reddit hackers demand reversal of API changes in exchange for stolen data

Reddit homepage on a laptop

What you need to know

  • Threat actors have gained access to Reddit's systems and user data through a phishing attack in February of this year.
  • The hackers have stolen internal documents, source code, employee data, and some information about Reddit's advertisers.
  • A $4.5 million ransom has been demanded, or the attackers threaten to leak the stolen data.

A ransomware gang has threatened to leak Reddit's confidential data unless the company walks back on its recent API price hikes and pays $4.5 million.

Bleeping Computer reports that BlackCat has claimed responsibility for the Reddit attack on February 5, when an employee fell prey to a phishing campaign. As a result, around 80GB of data comprising internal documents, source code, employee contact details, and limited advertiser information have been compromised.

The hackers remained anonymous until recently, when BlackCat owned up to the attack and demanded a large sum of money for the stolen data. Threat actors also want Reddit to reverse its API changes, which could cost third-party app developers millions of dollars per year. The contentious decision also prompted recent site-wide protests in which many subreddits went dark, limiting the visibility of many Reddit posts.

At the time of the hack, Reddit said in a post that there were no signs of a breach of its primary production systems, where the majority of its data is stored. Additionally, there's "no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online."

However, with the recent threat to leak these pieces of data if Reddit does not comply with the attackers' demands, that could change anytime soon. The threat actors claimed in a post on the ransomware group's data leak site, spotted by security researcher Dominic Alvieri, that they tried to contact Reddit on April 13 and on June 16 to raise their demand, but no response was received.

BlackCat’s demand exacerbates Reddit's predicament following API pricing changes. With the increased API price set to take effect on July 1, Reddit has less than two weeks to sort things out or risk having their internal data exposed to the public.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.