Mired in controversy over its application programming interface (API) changes, Reddit is now in for further trouble as hackers have threatened to release 80GB of data stolen from the social discussion platform unless the company pays a ransom demand and reverses its controversial API price hikes.
The BlackCat ransomware gang, also known as ALPHV, is demanding $4.5 million in exchange for deleting the stolen data. The hackers have claimed to have stolen the data on a post on its dark web leak site.
A Reddit spokesperson Gina Antonini confirmed that “BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9”. At the time, Reddit CTO Christopher Slowe, or KeyserSosa, said that hackers had accessed employee information and internal documents during a “highly-targeted” phishing attack. Slowe added that the company had “no evidence” that personal user data, such as passwords and accounts, had been stolen.
BlackCat’s post also claims:
In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it.
We expect to leak the data.
Reddit didn’t share any further details about the attack or who was behind it. However, BlackCat over the weekend claimed responsibility for the February intrusion and threatened to leak “confidential” data stolen during the breach. It’s unclear exactly what types of data the hackers have stolen, and BlackCat hasn’t shared any evidence of data theft.
BlackCat was also linked to a March attack on Western Digital that saw hackers steal 10 terabytes of data from the company, including reams of customer information. That same month, the gang also threatened to leak data allegedly stolen from Amazon-owned video surveillance company Ring.
Meanwhile, during the subreddits’ protest against the company’s new application programming interface (API) pricing changes, Reddit’s average daily traffic reportedly fell as compared to the last month. More than 57 million daily visits to the social discussion platform were recorded on June 11, the day before the blackout started, across desktop and mobile web clients.
Daily visitors dropped below 55 million by the end of the first day of the protest. Less than 53 million daily visitors on the platform were then recorded at the end of June 13. The 52,121,649 visits Reddit received on June 13 reflected a 6.6 percent drop from the website’s average daily traffic over the previous month.