Reddit’s week appears to have gone from bad to worse, as AlphV (aka BlackCat) claims that on February 5, 2023, operators got into Reddit’s servers and stole 80 GB of compressed data. Furthermore, BlackCat contacted Reddit twice, once on April 13 and again on June 16, with no response and no attempt to determine what was taken.
Following the recent fallout from subreddit blackouts and CEO Steve Huffman’s controversial comments, Reddit has been struggling in the eyes of its users, who have been reportedly leaving the platform and setting up alternatives on the fediverse (such as Lemmy or kbin), which is used by Twitter alternative Mastodon.
The above-captured post also states that given the recent news, exposing the breach publicly now is an opportune moment, whereas previously they would have waited until the IPO. They also claim to have demanded $4.5 million in exchange for the erasure of the material and their silence.
In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it.
We expect to leak the data.
DataBreaches.net
When contacted in February, Reddit initially posted on its blog and the /r/reddit subreddit with specifics of their investigation and what data had been hacked. According to the post on the subreddit below, while it does not have a statement particularly on this danger, it assures its users that their passwords and accounts are safe.
“Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems.”
DataBreaches.net