Hackers Target Reddit, Demand $4.5 Million and API Modifications Threatening to Release 80GB of Data

In a recent disclosure, Reddit confirmed falling victim to a targeted phishing scheme in February. The attack resulted in the exposure of internal documents, dashboards, code, contracts, and certain personal information of advertisers, as well as past and present employees. Fortunately, none of the compromised data has been made public so far. However, this may soon change, as the ransomware group known as BlackCat (ALPHV) has claimed responsibility for the hack and boasts possession of 80GB of compressed data. In a post titled “The Reddit Files,” BlackCat has issued a demand for $4.5 million from Reddit, along with a request to revert API price increases, in exchange for deleting the stolen information.

The BlackCat hackers executed their scheme by tricking Reddit employees into visiting a website designed to resemble the company’s intranet gateway. The employees received deceptive prompts that appeared plausible, leading to the theft of their login credentials and second-factor tokens. One individual involved in the incident promptly reported the mistake, and it appears that the security breach did not compromise the personal information of Reddit users.

Months later, the hackers have chosen to reveal themselves publicly amidst widespread protests against the API price hikes implemented by Reddit (the very changes BlackCat demands to be reversed). The increased costs have forced popular third-party apps like Narwhal and Apollo to shut down. Christian Selig, the creator of Apollo, stated that continuing his app’s operation would require an annual expenditure of $20 million. Developers also express concerns that the loss of third-party apps will result in increased censorship and diminished opportunities for generating ad revenue.

The protests escalated to the point where nearly 8,000 subreddits simultaneously went offline. However, the outcome remains uncertain, as Reddit stands firm in its plans. In an interview with The Verge, Reddit CEO Steve Huffman addressed the discontent, stating, “These people who are mad, they’re mad because they used to get something for free, and now it’s going to be not free.” Huffman has also proposed implementing easier means to remove moderators who make “unpopular” decisions. While Reddit shows no indication of reversing its decision, some advertisers have paused their activities on the platform during the ongoing blackout.