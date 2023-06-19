Share the joy

Reddit is in the eye of the storm these couple of days; and there seems to be no end on sight. Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom demand, and also performs a U-turn on its controversial API price hikes.

BlackCat ransomware gang, also called ALPHV, has posted a new post on its dark web leak site where it claims to have stolen 80 gigabytes of Reddit’s compressed data during a February breach of the company’s system.

When contacted to comment on the threat, a Reddit spokesperson Gina Antonini declined to confirm to TechCrunch. She, however, confirmed the group’s claims that relate to a cyber attack that occurred last February.

Although Reddit failed to share further details about the attack, BlackCar, however, claimed responsibility for the February attack and threatened to leak “confidential” data stolen during the breach.

There has been no evidence of the leak from BlackCat, and it is unclear what types of data the hackers have in their possession.

In the post on its dark web leak site, BlackCat said it contacted Reddit on two occasions; once on April 13 and on June 16, but did not receive any response. “I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data,” BlackCat wrote. “We expect to leak the data.”

The BlackCat wants $4.5 million in exchange for deleting the stolen data and for Reddit to withdraw its API pricing changes.

As at the time of posting this, Reddit has not confirmed if it plans to bow to BlackCat’s demand. At the moment, it is a case of who blinks first as the company battles on two fronts to resolve its many issues.

In 2018, Reddit confirmed it suffered a security breach which exposed some of its internal systems to hackers. The breach involved circumventing the app’s two-factor authentication which it had in place via SMS interception. That attack served as a wake-up call to all users who at the time had not yet stopped using that method.

