Reddit has become a focal point of attention due to its recent modifications to API regulations, which have negatively affected third-party applications. This situation has led to the closure of announcements of several prominent apps and the temporary blackout of numerous significant subreddits as a form of protest. Additional development has emerged: a hacker group has come forward, threatening to expose 80GB of confidential Reddit data unless the company retracts the API modifications and pays a ransom.
This collective of malicious individuals, collectively known as ALPHV, has gained notoriety for their involvement in the notorious BlackCat ransomware, and they have claimed responsibility for a significant breach of Reddit that the company had acknowledged earlier this year in February. ALPHV has made headlines for targeting prominent entities like Western Digital and Ring, a surveillance hardware brand affiliated with Amazon. In their latest exploit, the group asserts that they successfully obtained approximately 80GB of compressed data from Reddit’s systems during the attack and are now leveraging it as a bargaining chip (according to reports by BleepingComputer).
The hackers now hold the stolen data for ransom, demanding that Reddit revert the API changes and pay $4.5 million. ALPHV has taken to the dark web to communicate their demands, stating that they attempted to engage with Reddit on April 13 and June 16, but their efforts proved fruitless. In addition to their needs, they have also resorted to mocking Reddit’s CEO, Steve Huffman, commonly known by the username /u/spez. It is worth noting that this incident resembles a traditional ransomware attack; however, Reddit’s systems remain operational, and the hackers have not imposed any restrictions on their access. While a Reddit spokesperson did not comment when approached by TechCrunch, they confirmed that ALPHV’s threat is related to the February data breach. At that time, Reddit had assured its users that no customer data, banking information, or user passwords had been compromised. The hackers had access to internal documents and the website’s underlying code.
Although the hackers have made audacious claims and presented their demands, they have yet to substantiate their possession of the stolen data. It remains to be seen whether Reddit will succumb to ALPHV’s demands and reverse the API changes or they will choose an alternative course of action. The unfolding situation will determine how Reddit responds to this unsettling predicament.