Close-up of hands typing on a computer keyboard showing Reddit hack and data breach

BlackCat Claims Reddit Hack, Threatens to Leak Damaging Info Stolen During the February Data Breach

BlackCat/ALPHAV ransomware gang has claimed responsibility for the Reddit hack and threatened to leak files stolen in the February 2023 data breach.

Claiming to have damaging information about the social media giant, the REvil successor demanded monetary compensation and API pricing reversal to avoid publishing the data online.

However, the Russian-speaking cybercrime gang believes that Reddit will not pay the ransom, and thus the stolen data release was imminent.

BlackCat/ALPHAV takes responsibility for the Reddit hack

Reddit spokesperson Gina Antonini confirmed BlackCat’s claims that the ransom demand was related to the February 9, 2023, data breach.

Reddit CTO Christopher Slowe (KeyserSosa) had previously disclosed that the data breach leaked internal documents, source code files, employee information, and limited advertiser data.

However, no evidence suggested that Reddit user data, including passwords and account information, was exposed.

Slowe had attributed the Reddit hack to a highly targeted phishing attack that compromised an employee’s account, giving hackers access to internal files, dashboards, and business systems.

However, the Reddit hack did not compromise the company’s production systems that store most user data.

Reddit had assured the public that no stolen information had been leaked, but that situation was about to change.

BlackCat demands $4.5 million from Reddit hack

BlackCat claims to have accessed 80GB of Reddit data, including internal documents and source code files. The ransomware gang threatened to publish the trove on its data leak site unless Reddit complied with its ransom demands.

The ransomware gang is demanding $4.5 million in exchange for deleting the stolen Reddit data and halting the controversial API price changes.

BlackCat contacted Reddit twice on April 13 and June 16, demanding ransom payment but was skeptical that the social media company would comply.

“I told them in my first email that I would wait for their IPO to come along,” the Reddit hack perpetrators said. “But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. We expect to leak the data.”

Commenting on the Reddit hack, James McQuiggan, Security Awareness Advocate at KnowBe4, encouraged more companies to avoid paying the ransom: “Organizations must continue to take a stand and avoid paying extortion-style ransoms after cybercriminals gain access to their infrastructure, data, and systems.”

The Reddit data breach culprits are unlikely concerned about the proposed API pricing charges and only exploited the controversy to pressure Reddit into negotiating.

Despite protests from top Reddit users and moderators, the social media platform insisted that the proposed API pricing would proceed. Seemingly, the data breach is unlikely to change the company’s plan to charge $0.24 per 1,000 API calls.

Reddit CEO Steve Huffman has taken a page out of Elon Musk’s playbook and claims the proposed API charges would earn the company some profit after the IPO.

Third-party apps have benefitted immensely from the free Reddit API, potentially starving the clunky official app of user engagements, which are the bread and butter of social networking. Generative AI models have also extensively trained on Reddit data without compensating the company.

Reddit data breach allegedly exposed damaging information

BlackCat claims to have obtained damaging information capable of destroying the company’s reputation. However, the ransomware gang has not published samples to support those claims.

“But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took,” the ransomware group warned. “Did you know they also silently censor users? Along with artifacts from their GitHub!”

BlackCat’s alleged revelations are hardly surprising to users who are already aware of the extensive tracking by social media companies. Similarly, with Reddit being one of the most heavily moderated platforms, Reddit’s secret censorship allegations are hardly groundbreaking.

Meanwhile, the Reddit hack is among several data breaches attributed to the Rust-language-based ransomware group this year.

The group was responsible for the City of Lakewood in Washington data breach in February 2023, Lehigh Valley Health Network, Wawasee Community School Corporation, Essen Medical Association, Canadian Constellation Software, and dozens others.