Reddit Hackers Threaten to Release Stolen Data Unless API Changes Reversed

The BlackCat ransomware criminal group, also known by the alias ALPHV, has demanded a $4.5 million ransom and the revocation of planned API pricing changes from Reddit. The group has warned that failure to meet their demands will result in the publication of 80GB of stolen data, a consequence that could prove disastrous for the popular platform.

 

This comes after Reddit has been in the news recently for it’s changes to its API pricing structure which has lead to many third party Apps such as Apollo being forced to shut down. Christian Selig, the developer of the popular third party Reddit App “Apollo” said this past week “Going from a free API for 8 years to suddenly incurring massive costs is not something I can feasibly make work with only 30 days,”, he went on to say “That’s a lot of users to migrate, plans to create, things to test, and to get through app review, and it’s just not economically feasible. It’s much cheaper for me to simply shut down.”. He revealed that it would have cost Apollo aproximatly $20 million a year to continue to opperate under the new proposed plans. In protest of the changes, the Raddit comminity has also made many of the top community forums private, preventing access to these popular r/ communities. The change to redit’s API pricing has been seen as a way of them preventing, or monetising, on Artificial Intleigence or Large Language Models such as Chat GPT, Google Bard and more, being trained on the vast amount of Data and Information that is available publicly.

 

The data breach, which was confirmed by Reddit in February this year, saw the attackers infiltrate internal documents and codes, alongside gaining access to business systems. Whilst there was no indication that user accounts or production systems were compromised, the incident raised concerns across the cyber security community that until now had been left unanswered. Now, months later, the criminals have surfaced with their demands, ramping up the tension in an already serious situation. Dominic Alvieri, a renowned cyber security analyst and security researcher, tweeted a screenshot showing the BlackCat/ALPHV group’s demands on their dark web site. These websites have increasingly become a tool for ransomware criminals to escalate their threats and exert pressure on their victims (as seen in the recent MOVEit Cyber Attack), especially those whose data has been surreptitiously exfiltrated. Surprisingly, the BlackCat group did not encrypt any devices during this attack, diverging from their typical approach in other cyber attacks. The nature of the stolen data is unclear, but the group’s current claims are causing alarm.

 

According to the criminals, they initially breached Reddit servers on February 5, 2023, and extracted a total of 80GB of “zipped” data. It remains unclear whether this size refers to the compressed or uncompressed data. The group claims to have contacted Reddit twice, on April 13 and June 16, stating their ransom demand of $4.5 million for the deletion of the data. Now, they have brought their demands to the public, adding the removal of API pricing changes to their list of prerequisites. Yet, the likelihood of these demands being met seems virtually non-existent. It appears that BlackCat is attempting to capitalise on the current media focus on Reddit, spurred by group blackouts in protest against the API pricing changes. Ransomware groups typically crave publicity and media coverage, contrary to the typical behaviour of criminals who prefer to operate under the radar.

 

So, what would a data release entail? It’s relativly safe to say that user data, such as account details, passwords, or payment information, is unlikely to be included, given Reddit’s assurance that ‘live’ production systems were not breached. However, we would still advise changing passwords & implementing Multi-Factor Authentication if you haven’t already done so. Instead, BlackCat alludes to data concerning user statistics and how Reddit allegedly “silently censors users.” Whilst this information may not perturb Reddit users, it could potentially fuel further protests given the current discontent amongst the Reddit community.

 

One2Call work with businesses across the UK to help them protect their sensitive data. Unlike Anti-Virus, our Endpoint Detection & Response Solution is able to detect and prevent Unusual, Suspicious or Malicious activity on your Endpoint Devices, blocking attacks in their tracks, and by pairing this with our 24/7 SOC (Security Opperations Centre) it’s like having your own Cyber Security Professionals on hand 24/7 to protect you from these latest threats before they could potentially wreak havoc on your business. Find out more about Endpoint Detection & Response at the link below.