Reddit Hackers Threaten to Leak 80GB of Data Stolen in Ransomware Attack Over API Changes: Report
Reddit hackers have reportedly threatened to leak 80GB of data stolen from the company in a data breach earlier this year. A ransomware attack targeted the company in February after an employee’s credentials were phished, and the data that was exfiltrated could be leaked online if the hackers’ demands are not met. Notably, aside from a ransom amount for the files stolen from the company, the ransomware group has also demanded that Reddit reverse controversial changes to its application programming interface (API) that will effectively kill third-party Reddit apps by the end of June.
According to a BleepingComputer report citing cybersecurity researcher Dominic Alvieri, the ransomware group BlackCat has claimed responsibility for the cyberattack on Reddit that took place on February 5. The BlackCat group, also known as ALPHV, reportedly plans to release a compressed file with 80GB of data stolen from the platform, after attempts to contact Reddit on April 13 and June 16, demanding a ransom of $4.5 million (roughly Rs. 37 crore) to delete the data.
“I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took. Did you know they also silently censor users? Along with artifacts from their GitHub!” the BlackCat group posted on its website.
Back in February, Reddit disclosed that it was affected by a cyberattack after hackers phished an employee’s credentials and stole source code, internal documents, and other information. The BlackCat group had not claimed responsibility for the breach at the time. The group’s latest post states that it was waiting until the company’s IPO to leak the stolen files, but will now release the stolen data if the ransom is not paid and if the company doesn’t reverse its new API pricing that could kill third-party apps on the platform.
Over the past week, thousands of popular subreddits — communities dedicated to specific interests or topics — went private and restricted access to users to protest the platform’s new changes that are aimed at third-party apps and automated bots on the platform. Reddit will charge users $0.24 (roughly Rs. 20) for every 1,000 API calls, which means that the cost of operating a third-party app would be $1 (roughly Rs. 80) per user, per month.
However, as Christian Selig, creator of the popular third-party iOS Reddit client Apollo, points out, this would lead to a minimum of $20 million (roughly Rs. 160 crore) in annual costs to keep the third-party app alive. Several third-party app developers, along with Selig, plan to shut down their apps at the end of June, before the new API charges kick in next month.
Reddit’s refusal to lower the cost of its API use has resulted in the moderators of several subreddits protesting the shuttering of third-party apps that offer vital tools to moderate their communities. However, less than a week after the protest began, the platform claimed that 80 percent of its top subreddits were open amid the ongoing protest.