Hackers Say They'll Leak Reddit Data If API Pricing Changes Aren't Reversed

The tussle over high API pricing between Reddit and its largest communities going dark in protest now involves hacking and ransom. In February, Reddit confirmed that its systems were hacked using a "sophisticated and highly-targeted phishing attack," in which information belonging to employees and advertising details were compromised.

Cybersecurity analyst Dominic Alvieri confirmed that the hacking gang BlackCat had claimed responsibility for the attack. Per details shared via Twitter and Bleeping Computer, the hackers previously demanded $4.5 million as ransom in exchange for their silence. Now, the minds behind BlackCat are threatening to release 80GB of compressed files stolen from Reddit servers sooner than expected.

So far, Reddit hasn't commented on the hacking group's demands, but BlackCat claims to have reached the company twice with their offer. Since those attempts, Reddit announced its controversial API policy, leading to widespread backlash and apps shutting down. BlackCat now wants Reddit to roll back its API policy changes on top of fulfilling the multi-million ransom demand, or it claims it will release the data.

According to an FBI alert issued over a year ago, the BlackCat ransomware gang first appeared on the radar in 2021, making waves with an attack on PCs belonging to the Multi-State Information Sharing and Analysis Center (MS-ISAC). The attack was also assisted by other groups that have leased the BlackCat hacking tools in exchange for a cut from their earnings.

Reddit's woes keep worsening

Poynter says the BlackCat group uses ransomware and DDoS attacks, then extorts money with threats of leaking confidential information. The latter appears to be the case with Reddit, with the hackers claiming that the data they stole will expose how the social media platform tracks and silently censors users. The hackers claim to have stolen sensitive information from Reddit's GitHub repositories and employee personal information. They initially gave Reddit until its IPO to meet their demands, a timeline they've now shortened.

Reddit plans to go public later this year, which explains why its CEO, Steve Huffman, justifies the new API pricing by saying the company needs to become self-sustaining. However, the revised API pricing has been called extreme by users. For example, the alternative Reddit mobile app Apollo could end up paying around $20 million each year based on its usage statistics. It plans to shut down in June due to the new costs. In protest of the changes, thousands of subreddits have gone private.

Reddit chief Huffman subsequently did an ask-me-anything session, which only inflamed the issue. In the days that followed, protesting communities accused Reddit of using shady tactics to kick the protesting moderators out of its largest communities. According to leaks, Huffman has reportedly told employees that the backlash will pass soon, further angering protestors.