Hackers claim to have stolen 80GB of data from Reddit; demand $4.5 million in ransom

The situation surrounding recent Reddit API changes is getting stranger by the day. While everyone was talking about thousands of Reddit communities going dark to protest third-party app charges, a hacking group has just forward with a claim that it’s in possession of 80GB of Reddit data.

A ransomware group known as BlackCat which claimed responsibility for a security breach on Reddit’s systems in February of this year is now demanding money and policy changes. BlackCat claims to have stolen 80GB of data from Reddit. The group demands that Reddit revert its API changes and remit a hefty $4.5 million ransom, warning that they will make the stolen information public if their demands are not met.

According to a report from Bleeping Computer, the breach was initiated when an employee fell victim to a phishing attack. Dominic Alvieri, a cybersecurity analyst and researcher, shared a screenshot from AlphV’s website on Twitter, confirming BlackCat’s claim. The group asserts that they managed to obtain 80GB of compressed data from Reddit.

The Reddit Files.@Reddit https://t.co/cIUyCWwMlP pic.twitter.com/gyHA7lplvG

— Dominic Alvieri (@AlvieriD) June 17, 2023

The group said it has made two attempts to contact Reddit officials on April 13th and June 16th but received no response. In their claim, the group demands a ransom of $4.5 million in return for the deleted data. Additionally, it was revealed by ely_sec, another individual in the cybersecurity community, that the group also insists on Reddit reverting the API pricing change that has caused significant controversy recently. Moreover, the BlackCat group threatens to disclose information related to user statistics they have been monitoring, as well as Reddit’s alleged covert censorship practices.

On February 9th, Reddit disclosed that its systems were hacked on February 5th due to an unfortunate incident where one of its employees fell prey to a phishing attack. As a result of this phishing attack, the perpetrators were able to infiltrate Reddit’s systems and successfully pilfer internal documents, source code, employee information, and a limited amount of data pertaining to the company’s advertisers.

“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explained a post by Reddit CTO Christopher Slowe, aka KeyserSosa.

“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”

However, Reddit said that its production systems remained uncompromised, ensuring that no user passwords, accounts, or credit card information were affected by the breach. Only time will reveal the full extent of the situation.