Reddit: Hackers demand $4.5 million and API policy changes

Group claims to have stolen 80GB of data

Criminals have told Reddit to pay a ransom demand and roll back its controversial API price hikes, or they will publish confidential data they have stolen from the platform.

Earlier this year, hackers managed to breach internal Reddit data by executing a phishing campaign that specifically targeted employees.

The company became aware of a "sophisticated" phishing attack on 5th February, which targeted employees and attempted to steal their credentials and two-factor tokens.

At least one employee fell victim, enabling the attackers to access documents, code and certain internal dashboards and business systems, although no user data.

Now security researcher Dominic Alvieri has found a post on the data leak site of the ALPHV ransomware operation, also known as BlackCat, claiming involvement in the February attack.

The group says they obtained 80GB of compressed data from Reddit, and are now threatening to make the data public unless their demands are met.

Unusually for a ransomware group, BlackCat isn't only demanding money (although they are: $4.5 million to be precise, which they contacted Reddit about in April and June without a response).

The other demand relates to Reddit's upcoming changes to its API policy, which will make it much more expensive to run third-party apps to access the site.

BlackCat is now threatening to expose Reddit's data if the company fails to comply with the ransom demand. Additionally, BlackCat is demanding that Reddit reverses its recently implemented API pricing changes, which had sparked significant backlash and protests from users and moderators.

According to the post, the stolen data is deemed valuable to customers as it purportedly exposes Reddit's treatment of its users.

"The public will be able to read about all the statistics they track about their users and all the interesting confidential data we took," reads the post.

"Did you know they also silently censor users? Along with artifacts [sic] from their GitHub!"

Despite inquiries, Reddit has opted to maintain of silence regarding the incident. However, Bleeping Computer stated in a report that the hack carried out by BlackCat aligns with the breach previously disclosed by Reddit in February.

BlackCat's recent demand for changes to API pricing is an extension of the ongoing dispute between Reddit's leadership and its highly engaged users.

In April, Reddit announced its intention to increase the fees associated with accessing its APIs, triggering significant backlash from customers and resulting in a site-wide protest last Monday.

During the protest, numerous high-traffic subreddits went offline for 24 hours.

Reddit CEO Steve Huffman has emphasised that the platform was not originally designed to accommodate third-party apps.

In an interview with The Verge, he reaffirmed the company's commitment to the proposed changes in API pricing.

Reddit has encountered security breaches in the past, highlighting the ongoing challenges posed by cybersecurity threats.

In 2018, Reddit suffered a security breach where a hacker gained unauthorised access to user data. This breach resulted in the exposure of information such as email addresses, old usernames, and passwords.