Months after cyber-attacking Reddit, the BlackCat ransomware is threatening the social media company to leak its stolen data – after failing the ransom talks.
As per its data leak site, the BlackCat group claims to have ignored its $4.5 million ransom demand from Reddit, combined with the recent API pricing changes that triggered them to leak the stolen data from an earlier breach. Reddit has not commented on this yet but confirmed the earlier breach.
Breaching and Leaking Reddit Data
In February this year, one of the Reddit employees was targeted in a carefully crafted phishing campaign that resulted in stealing his company credentials and accessing the sensitive data of Reddit.
Though Reddit confirmed the breach and explained how it’s taking care of the platform later on, it didn’t disclose the perpetrator behind this attack. Well, now, ALPHV ransomware (popularly known as BlackCat) claims the act and threatens to leak the stolen data from the hack.
As posted on their data leak site, the BlackCat ransomware gang claims to have 80GB of Reddit’s data, and will leak soon if the social media company doesn’t reverse its API pricing policies or pay the demanded ransom.
The group claimed to have contacted Reddit twice with a ransom demand of $4.5 million but didn’t receive any response. And for API pricing, Reddit has decided to change its API access to third-party apps, which many groups protest.
While they’re facing the heat, the BlackCat group is preparing to leak a bulk of Reddit’s data – which includes internal documents, source code, employee data, and limited data about the company’s advertisers. Reddit has earlier stated that none of their production systems was hit in the breach, and there’s no evidence for the leak of user passwords, accounts, or credit card information.