The chaotic fallout from Reddit’s controversial API price hike could get even more chaotic. The ransomware hacking group BlackCat, The company confessed to stealing 80 GB of company data in February, is now demanding that the news aggregator and community platform give up over $4.5 million and reverse its recent policy decisions or ensure that any such information becomes public. Uff.
Continue reading: Reddit’s CEO is only making things worse
BlackCat coming over too ALPHV said it emailed Reddit twice urges the company to comply with its demands, according to a post by cybersecurity researcher Dominic Alvieri and as reported by Beeping computer.
“In our last email to them, we explained that we wanted $4.5 million in exchange for the deletion of the data and our silence,” BlackCat said. “As we also explained: if we had to make this public, then we now demand that they also withdraw their API price changes along with our money, otherwise we will lose it.” Oh, how rogue.
According to Christopher Slowe, the company’s CTO and founding engineer, BlackCat was able to steal some data from Reddit through a phishing attack earlier this year, which allowed the group to steal employee data, internal documentation, source code and small information about the company’s advertisers. In a Reddit post from February 9th, Slowe said the group tricked a lone Reddit employee, who then granted access to BlackCat. The employee who was attacked later reported the incident himself, and according to Slowe, the company’s security team quickly denied access to the intruder.
“Late February 5, 2023, we became aware of a sophisticated phishing campaign targeting Reddit employees,” Slowe said. “As with most phishing campaigns, the attacker sent plausible-sounding prompts directing employees to a website that mimicked the behavior of our intranet gateway in order to steal credentials and second-factor tokens. [However,] We show no signs of a breach in our primary production systems (the parts of our stack that run Reddit and that store the bulk of our data). […] Based on our research to date, Reddit user passwords and accounts are secure.”
my city I reached out to Reddit for comment.
Continue reading: Reddit CEO says blackout hasn’t really cost her any money yet and will ‘pass’
This is all happening because Reddit is facing heavy backlash over its decision to increase the price of third-party apps accessing its API. Some apps such as Apollo and Infinity have stated that the price increase could cost millions of dollars a year to maintain functionality, leading prominent subreddits – like r/anime and r/gaming – to do so Go into the dark to protest What many users see as unpopular changes for Reddit.
