What Happened
In February, Reddit experienced a breach through a sophisticated phishing campaign, resulting in the theft of credentials and two-factor authentication tokens. An employee was tricked into handing over details, which the attackers then used to gain access to internal documents, code, dashboards, and business systems. The data exposed in the breach included limited contact information for company contacts and employees, as well as information about advertisers. Reddit assured its users that their passwords were safe and stated that the breach did not impact the main systems that run Reddit or store non-public user data.
Hackers’ Intentions
The BlackCat ransomware group, also known as ALPHV, claimed responsibility for the Reddit breach and demanded a ransom of $4.5 million. They threatened to leak approximately 80GB of stolen data after their ransom demands were ignored. The group made bold claims about the confidential information they obtained, including statistics about Reddit users and allegations of silent censorship by the platform. Additionally, BlackCat demanded that Reddit reverse its controversial API pricing changes, indicating that their intentions went beyond financial gain.
Reddit’s Response
Reddit responded to the breach by promptly locking down their systems, investigating the incident, and assuring users that their passwords and accounts were safe. They received praise for their clear messaging during the incident, providing transparency to users about the extent of the breach and the safety of their login details. Although the attackers accessed some internal data and systems, there were no signs that the breach affected the main Reddit infrastructure or exposed significant user data. However, the recent claims by the BlackCat group indicate that the situation may be more serious than initially assessed.
Brief Conclusion
The aftermath of the Reddit breach continues as the BlackCat ransomware group threatens to leak the stolen data and demands a ransom from Reddit. The breach occurred due to a phishing attack, and although passwords and user accounts were not compromised, internal documents, code, and limited contact information were accessed. The intentions of the hackers extend beyond financial gain, as they also seek to challenge Reddit’s API pricing changes. Reddit now faces the challenge of dealing with the potential release of sensitive information and navigating the aftermath of the breach while addressing other issues, such as the backlash over their API pricing and recent layoffs.