In a recent development, Reddit has fallen victim to hackers who are now demanding a staggering $4.5 million ransom.
However, their demands don’t end there. The hackers, known as BlackCat, are also calling for policy changes related to the controversial API pricing updates.
The breach took place in February when the hackers executed a sophisticated phishing campaign, specifically targeting Reddit employees. Reports from Bleeping Computer confirmed BlackCat’s claim of responsibility for the attack.
According to researcher Dominic Alvieri, the ransomware group managed to infiltrate Reddit’s systems, gaining access to a substantial 80GB of internal data. Unless their demands are met, the group threatens to publicly release the stolen information.
Aside from the financial aspect, BlackCat is demanding that Reddit revert the planned API pricing changes, which have been the subject of intense user and moderator protests in recent weeks.
Reddit users and communities voiced their concerns after the platform announced its intention to implement charges for third-party app developers, potentially amounting to millions of dollars annually.
The resulting backlash led to several major subreddits temporarily going dark, limiting new posts and restricting public access.
When the breach initially came to light, Reddit confirmed that the hackers utilized a highly targeted and sophisticated phishing attack. The compromised data included internal documents, employee contact information, and advertiser details.
However, Reddit assured users that their private data, which was not already public, remained secure.
Despite the gravity of the situation, Reddit has chosen not to comment officially on the hack at this time. Bleeping Computer has reported that the incident disclosed by Reddit in February aligns with the BlackCat hack.
This unfortunate breach is not the first time Reddit has faced a security incident. In 2018, the platform experienced a separate attack that resulted in the unauthorized access of user data, including email addresses, old usernames, and passwords.
The Reddit community and stakeholders eagerly await further updates on the situation and hope for a swift resolution to protect the platform’s integrity and user privacy.