On Sunday evening, Reddit experienced a cyberattack in which hackers breached its internal business systems. As a result, they gained unauthorised access to internal documents and source code, which they proceeded to steal.
The situation after Reddit's API price increase is getting messier. A group of hackers called BlackCat, who took 80GB of company data in February, is now demanding $4.5 million from Reddit. They want Reddit to change its recent policy decisions or else they will leak all the stolen information to the public. It's a difficult situation for Reddit to handle.
According to cybersecurity researcher Dominic Alvieri and as reported by BleepingComputer, the hacker group known as BlackCat, or ALPHV, claims to have sent two emails to Reddit asking the company to meet its demands.
Reddit clarified that its production systems remained unaffected, ensuring that no user passwords, accounts, or credit card information were compromised. Although Reddit did not provide extensive information about the phishing attack, they mentioned its resemblance to a previous incident at Riot Games. In the Riot Games attack, hackers used phishing techniques to access systems and pilfer source code related to popular games like League of Legends (LoL), Teamfight Tactics (TFT), and the company's Packman legacy anti-cheat platform.
Earlier this year, BlackCat successfully acquired some of Reddit's data using a phishing attack. This attack allowed them to steal employee information, internal documents, source code, and certain details about the company's advertisers. According to Christopher Slowe, Reddit's CTO and founding engineer, the group tricked one Reddit staff member, who inadvertently granted them access. The targeted employee quickly reported the incident, and Reddit's security team promptly revoked the intruder's access.
“On late February 5, 2023, we became aware of a sophisticated phishing campaign that targeted Reddit employees,” Slowe said. “As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway, in an attempt to steal credentials and second-factor tokens. [However,] we show no indications of a breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data). [...] Based on our investigation so far, Reddit user passwords and accounts are safe.”
It is important to note that in this attack, BlackCat, the ransomware gang involved, did not encrypt any devices. The same group is suspected to be responsible for a similar attack on Western Digital in March 2023, which resulted in a significant outage of the company's My Cloud cloud service.
Initially, the threat actors behind the Western Digital attack claimed to be anonymous. However, screenshots of the stolen data were later leaked on the ALPHV data leak site, where the attackers taunted the company. In May, Western Digital sent data breach notifications to customers who had made purchases from their online store, informing them that their data had been compromised during the attack.
The planned changes in API pricing on Reddit have caused a lot of disagreement, resulting in protests and temporary closures of many subreddits. Last week, around 7,100 subreddits went dark for 48 hours to express their concerns. The situation became so intense that the CEO of the company instructed employees not to wear Reddit-branded clothing in public, as reported in an internal memo obtained by The Verge.