The scenario surrounding Reddit’s adjustments to its API continues to get even weirder. Earlier this 12 months, a ransomware group used a classy phishing assault to steal 80GB of information from Reddit. Now, ransomware group BlackCat is claiming accountability for that hack and threatening to launch that info if Reddit doesn’t reverse its API adjustments and pay a $4.5 million ransom…
As noticed by Bleeping Pc, researcher Dominic Alvieri noticed BlackCat’s announcement in the present day through which it threatens to launch the info publicly if Reddit doesn’t meet its calls for.
BlackCat is demanding that Reddit not solely pay that $4.5 million ransom but in addition reverse its controversial API adjustments that can kill many third-party apps. BlackCat was beforehand ready for Reddit’s long-awaited IPO to assert accountability for this breach however has as an alternative opted to grab on the continued controversy surrounding these API adjustments.
I informed them in my first electronic mail that I’d wait for his or her IPO to return alongside. However this looks like the right alternative! We’re very assured that Reddit won’t pay any cash for his or her information. However I’m very pleased to know that the general public will have the ability to examine all of the statistics they monitor about their customers and all of the attention-grabbing confidential information we took.
In our final electronic mail to them, we acknowledged that we wished $4.5 million in trade for the deletion of the info and our silence. As we additionally acknowledged, if we needed to make this public, then we now demand that additionally they withdraw their API pricing adjustments together with our cash or we’ll leak it.
Reddit publicly acknowledged the safety incident again in February, saying that it was a “refined and highly-targeted phishing assault.” The attackers despatched “plausible-sounding prompts” redirecting staff to a web site that cloned the conduct of the corporate’s intranet. In consequence, the attackers had been capable of steal credentials and two-factor tokens.
Primarily based on our investigation to this point, Reddit consumer passwords and accounts are protected, however on Sunday evening (pacific time), Reddit programs had been hacked because of a classy and highly-targeted phishing assault. They gained entry to some inside paperwork, code, and a few inside enterprise programs.
BlackCat believes that Reddit won’t pay the $4.5 million ransomware, nor will it reverse its deliberate API adjustments.
Comply with Likelihood: Twitter, Instagram, and Mastodon. Join within the 9to5Mac Discord.
Learn extra on Reddit:
FTC: We use revenue incomes auto affiliate hyperlinks. Extra.
