Cyber Attacks/Data Breaches

Reddit hackers are threatening to release the stolen data from the February breach.

Published

on

 

 

A cyberattack on Reddit in February, in which the threat actors claimed to have stolen 80GB of data from the company, was carried out by the BlackCat (ALPHV) ransomware gang.

Reddit revealed on February 9 that a phishing attack on an employee on February 5 resulted in the hacking of its systems.

The threat actors were able to access Reddit’s systems through a phishing attack, stealing internal documents, source code, employee data, and limited information about the company’s advertisers.

In a post, Reddit CTO Christopher Slowe, aka KeyserSosa, explained, “After successfully obtaining the credentials of a single employee, the attacker gained access to some internal documents, code, as well as some internal dashboards and business systems.”

“We don’t show any signs of a breach in our primary production systems,” which are the parts of our stack that run Reddit and store most of our data.

However, Reddit stated that neither user passwords nor credit card information nor production systems were compromised.

Reddit did not provide many details about the phishing attack, but they did say that it was similar to a Riot Games phishing attack that allowed hackers to gain access to systems and steal source code for League of Legends (LoL), Teamfight Tactics (TFT), and the Packman legacy anti-cheat platform of the company.

The threat actors demanded $10 million from Riot during the attack to prevent the leak of the stolen data. However, the threat actors attempted to sell the data on a hacking forum for $1 million if a ransom was not paid.


The ALPHV ransomware operation, more commonly referred to as BlackCat, now asserts that it was behind the February 5th cyberattack on Reddit. This information was first discovered by Dominic Alvieri and shared with BleepingComputer.

The threat actors claim to have stolen 80 GB of compressed data from the company during the attack and now plan to leak the data in a “Reddit Files” post on the gang’s data leak site.

The perpetrators of the threat claim that they attempted to get in touch with Reddit twice, on April 13 and June 16, and demanded $4.5 million in exchange for the deletion of the data.
“In my first email, I told them that I would wait for their IPO.” However, this seems like the ideal occasion! We are exceptionally sure that Reddit won’t pay any cash for their information,” compromised the ransomware activity.

“However, I am overjoyed to learn that the public will be able to read about all of the statistics they track about their users as well as all of the fascinating confidential data we collected. Did you know that they also censor users in secret? together with items from their GitHub!”

BleepingComputer has been able to confirm that this is the same attack that was disclosed by Reddit in February, despite the fact that Reddit declined to make any comments regarding BlackCat’s post.

Despite the fact that BlackCat is a group responsible for ransomware, they did not encrypt any devices during this attack.

A similar attack on Western Digital in March 2023, which resulted in a significant outage of the company’s My Cloud cloud service, is thought to have been carried out by the same hacking group.

The Western Digital attack’s perpetrators initially denied having a name, but screenshots of the stolen data were leaked on the ALPHV data leak website, where the perpetrators taunted the company about the attack.

In May, Western Digital sent notifications about data breaches to customers of its online stores, advising them that their data had been stolen during the attack.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Exit mobile version