According to a recent tweet by cybersecurity analyst and security researcher Dominic Alvieri, a cybercriminal group known as BlackCat, also referred to as ALPHV, has issued a threat to release 80GB of compressed data stolen from Reddit during a security breach in February 2023.
The group is demanding a ransom of $4.5 million and the reversal of recent API pricing changes.
While reports do not specify the method of payment requested, such groups are nearly guaranteed to request cryptocurrency — usually in the form of monero (XMR) or bitcoin (BTC).
The breach, which Reddit confirmed earlier this year, allowed the hackers to access internal documents, codes, and business systems, but there was no evidence of user accounts being compromised or production systems being breached.
The BlackCat group’s demands were made public via a post on their leak site, a common tactic used by ransomware groups to apply pressure on their victims.
Cybersecurity analyst and security researcher Dominic Alvieri shared a screenshot of the group’s demands on Twitter. Despite being a ransomware group, BlackCat did not encrypt any devices during this attack but did exfiltrate a significant amount of data. The specifics of the stolen data have not been disclosed.
According to the group’s post, they successfully breached Reddit’s servers on February 5, 2023, and extracted 80GB of zipped data.
It remains unclear whether this figure refers to the compressed or uncompressed size of the data. The group claims to have contacted Reddit on April 13 and June 16, demanding $4.5 million for the deletion of the data. They also warned that if they had to make the extortion public, they would demand the reversal of the API pricing changes.
The likelihood of Reddit complying with these demands is slim. It appears that BlackCat is capitalizing on the current media attention on Reddit due to group blackouts protesting the API pricing. Ransomware actors often seek publicity and media coverage, contrary to the usual criminal preference for avoiding attention.
If BlackCat does release the stolen Reddit data, it is unlikely to include user data such as account details, passwords, or payment information.
Reddit has consistently maintained that the production systems holding such data were not breached. Instead, BlackCat hints at revealing “all the statistics they track about their users,” and data concerning how Reddit “silently censors users.”
While it’s uncertain how much Reddit users will care about shadowbans and tracking systems, this could potentially fuel further protests against the platform.
As of now, Reddit has not confirmed any of the statements made by the criminal group regarding ransom requests and the type of data they claim to possess. Updates will be provided as more information becomes available.
