Hackers affiliated with the BlackCat ransomware group have issued a warning that they may release 80GB of data stolen from Reddit, following a cyberattack earlier this year. The breach occurred in February when an employee fell victim to phishing, enabling the hackers to extract sensitive data. The threat escalates as the group demands a ransom alongside a reversal of Reddit’s recent changes to its application programming interface (API), changes that could effectively threaten the existence of various third-party Reddit applications.
A report from BleepingComputer, referencing cybersecurity expert Dominic Alvieri, indicates that the BlackCat group, also known as ALPHV, has taken responsibility for the incident, which transpired on February 5. The group attempted to negotiate with Reddit on April 13 and June 16, urging the company to pay $4.5 million (approximately Rs. 37 crore) to secure the deletion of the stolen data.
The BlackCat group relayed their intentions through posts on their website, expressing confidence that Reddit is unlikely to comply with their demands. They indicated their anticipation for the company’s initial public offering (IPO) as a significant moment for their plans, stating, “We are very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took. Did you know they also silently censor users? Along with artifacts from their GitHub!”
In February, Reddit acknowledged the cyberattack and revealed that hackers had stolen source code, internal documents, and other confidential information following the phishing incident. At that time, BlackCat had not claimed responsibility. Their latest communication suggests that the hacking group is now prepared to release the stolen data if their ransom is not met and if Reddit does not revert its API pricing changes enacted to curtail third-party applications.
In recent days, numerous popular subreddits have gone private, restricting access as users protest against Reddit’s new API fees, which set a charge of $0.24 (around Rs. 20) for every 1,000 API calls. This change would impose substantial operating costs on third-party apps, with developers predicting a minimum expense of $1 (approximately Rs. 80) per user per month.
Christian Selig, the developer behind the widely-used Apollo app, highlighted the financial burden of these changes, estimating that maintaining such third-party services would lead to annual costs exceeding $20 million (around Rs. 160 crore). As a consequence, multiple app creators, including Selig, have decided to close their applications at the end of June, ahead of the new fee implementation.
The increasing discord surrounding Reddit’s new API policy has prompted moderators across various subreddits to engage in protest against the impending extinction of third-party applications, which serve crucial functions in managing their communities. Nevertheless, amidst these protests, Reddit claimed that around 80 percent of its most popular subreddits remained active and open for users.