The tumultuous consequences following Reddit’s controversial increase in API prices have the potential to escalate into further disarray.
The hacker group known as BlackCat, which took responsibility for seizing 80GB of company data in February, is currently demanding a sum of $4.5 million from the news aggregator and community platform.
BlackCat Threatens to Expose Reddit’s Acquired Information
They have also demanded the reversal of recent policy decisions, threatening to expose all the acquired information to the public if their demands are not met. The group, also known as ALPHV, claims to have sent two emails to Reddit requesting compliance. Cybersecurity researcher Dominic Alvieri reported these details, which were subsequently documented by BleepingComputer.
BlackCat stated, In our most recent email, we specified that we require $4.5 million in exchange for deleting the data and remaining silent. Furthermore, if we are compelled to make this matter public, we demand that Reddit withdraws its API pricing changes in addition to providing the money, or else we will release the information. Their intentions seem truly villainous.
Earlier this year, BlackCat successfully extracted certain data from Reddit through a phishing attack, enabling them to obtain employee data, internal documents, source code, and fragments of information about the company’s advertisers.
Read more: How To Unlock Healthy Benefits Plus Program Cards?
Subreddits Temporarily Deactivated Due to Unfavorable Changes
Christopher Slowe, the CTO and founding engineer of Reddit, confirmed these findings. According to Slowe, a Reddit employee was deceived by the group, resulting in access being granted. However, the targeted employee promptly reported the incident, and Reddit’s security team swiftly revoked the intruder’s access.
On the evening of February 5, 2023, we became aware of a sophisticated phishing campaign targeting our employees, Slowe disclosed in a Reddit post on February 9. Typically in such phishing campaigns, the attacker employs convincing prompts to direct employees to a website that imitates the behavior of our internal network gateway, with the aim of stealing credentials and second-factor tokens.
However, we have found no evidence of a breach in our primary production systems, which encompass the parts of our infrastructure that run Reddit and store the majority of our data. Based on our ongoing investigation, we can confirm that Reddit user passwords and accounts remain secure.
These events occur as Reddit faces significant criticism for its decision to increase the cost for third-party applications to access its API. Several apps, including Apollo and Infinity, have expressed concerns that the price hike could incur millions of dollars in annual expenses to maintain their functionality.
Consequently, prominent subreddits such as r/anime and r/gaming have temporarily deactivated their services in protest against what many users perceive as unfavorable changes implemented by Reddit.
Read more: Trump Legal Team Prohibited From Revealing Evidence In Documents Investigation