Reddit hackers demand $4.5 million and changes in controversial API policy

BlackCat ransomware group revealed that it had successfully infiltrated Reddit's infrastructure, making off with a staggering 80GB of data

Earlier this year, Reddit's systems fell victim to a hack orchestrated by the ransomware group known as BlackCat. Initially reported by Bleeping Computer, the group has now come forward and taken credit for the February phishing attack on the popular social media platform.

In a post shared by researcher Dominic Alvieri, BlackCat revealed that it had successfully infiltrated Reddit's infrastructure, making off with a staggering 80GB of data. The group is now threatening to publicly release this stolen information unless its demands are met. Alongside a hefty $4.5 million ransom, BlackCat is insisting that Reddit reverses its recently announced API pricing changes, which had triggered widespread protests among users and moderators.

When the breach occurred, Reddit acknowledged that the hackers had employed a highly sophisticated and targeted phishing attack to gain unauthorised access to internal documents and data, which included the contact details of employees and advertisers. The company maintained, however, that user data beyond what was already public remained unaffected.

In response to inquiries, Reddit has chosen to remain tight-lipped about the incident, declining to comment on the record. Bleeping Computer, however, has corroborated that the hack perpetrated by BlackCat aligns with the breach disclosed by Reddit in February.

BlackCat's newfound demand for changes to API pricing is an extension of the contentious dispute between Reddit's leadership and its most engaged users. Following Reddit's announcement that it would introduce charges for developers of third-party apps, potentially amounting to millions of dollars annually, numerous popular subreddits opted to go dark in protest. These actions involved restricting new posts and limiting public access.

In an interview with The Verge, Reddit CEO Steve Huffman emphasised that the platform was never designed to accommodate third-party apps and reaffirmed the company's commitment to its proposed changes.

It is worth noting that this is not the first time Reddit has fallen prey to a cyber attack. Back in 2018, the platform experienced a security breach in which a hacker managed to gain access to user data, including email addresses, old usernames, and passwords.