Reddit hackers demand $4.5 million ransom and API pricing changes
source link: https://www.theverge.com/2023/6/19/23765895/reddit-hack-phishing-leak-api-pricing-steve-huffman
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Reddit hackers demand $4.5 million ransom and API pricing changes
/In February, hackers gained access to internal Reddit data through a phishing campaign targeting employees. The hackers want ransom money — plus changes to the controversial API updates.
By Mia Sato, platforms and communities reporter with five years of experience covering the companies that shape technology and the people who use their tools.
Share this story
:format(webp)/cdn.vox-cdn.com/uploads/chorus_asset/file/23985506/acastro_STK024_02.jpg)
A ransomware group is claiming responsibility for a hack on Reddit’s systems earlier this year — and demanding not just money but policy changes.
BlackCat, a ransomware group, says it was behind the February phishing attack on Reddit, as previously reported by Bleeping Computer. In a post shared by researcher Dominic Alvieri, BlackCat claims to have stolen 80GB of data from Reddit and threatens to release it publicly if demands aren’t met. The group wants a $4.5 million payout in exchange for the data and also demands Reddit roll back its planned API pricing changes that spurred user and moderator protests last week.
At the time of the hack, Reddit said hackers had used a “sophisticated and highly-targeted” phishing attack to get access to internal documents and data, including contact information for employees and advertisers. The company maintained that the hackers hadn’t accessed user data that wasn’t public.
Reddit declined to comment on the record about the hack. Bleeping Computer reports that the BlackCat hack and the incident disclosed by Reddit in February are the same.
BlackCat’s new demands around API pricing changes follow a contentious back-and-forth between Reddit leadership and some of its most engaged users. After Reddit announced it would begin charging developers of third-party apps — potentially to the tune of millions of dollars a year — many top subreddits went dark in response, limiting new posts and closing public access. In an interview with The Verge, Reddit CEO Steve Huffman said the platform was “never designed” to support third-party apps and that the company wouldn’t pull back from its proposed changes.
Reddit previously fell victim to an attack in 2018 in which a hacker gained access to user data, including email addresses and old usernames and passwords.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK