BlackCat Ransomware Group Threatens to Leak Data Stolen in Reddit Cyberattack

By Richard Anderson

The BlackCat ransomware group, aka ALPHV, claims it stole 80GB of data in a Reddit cyberattack in February 2023, and is now threatening to leak the stolen data if Reddit doesn’t pay up.

The attack in question, according to a February 9, 2023, announcement by Reddit, started with a phishing attempt on an employee that allowed the group to steal credentials that provided access to sensitive data. Reddit said the stolen data includes source code, employee information, and limited information about the site’s advertisers. Some internal dashboards and business systems were also accessed in the attack; however, the breach is not believed to have resulted in access being gained to the primary production systems that run Reddit.

BlackCat has now taken credit for the attack and has posted files on its data leak site which the group claims were stolen in the February attack, and has issued a threat to leak all 80 GB of data it stolen in February after Reddit failed to negotiate with the group or pay the $4.5 million ransom demand. This attack did not involve ransomware, instead, the group stole data and issued a threat to publish that information if payment was not made.

According to the post, BlackCat is not expecting to receive payment to prevent the release of the data but is happy instead to let the public read Reddit’s confidential data, including how they track and silently censor their users. The group claimed to have made two attempts to contact Reddit since the attack but Reddit failed to respond. While the group said it would wait to publish data until Reddit’s IPO came along, it said now seemed like an opportune time to announce the data theft and release the stolen data.

This is not the first data breach for Reddit, as in 2018, hackers gained access to its systems and were able to steal a complete set of data from 2007 that included user data such as usernames, hashed passwords email addresses, private messages, and public posts. Reddit has not commented on the attack other than to confirm that the attack that the BlackCat group is referring to is the same attack that it publicly disclosed in February. While BlackCat is not one of the most prolific ransomware groups, it has conducted many attacks and its list of victims includes Western Digital and the Amazon-owned video surveillance company Ring.

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news