According to a recent tweet by cybersecurity analyst and security researcher Dominic Alvieri, a cybercrime group called BlackCat (also known as ALPHV) has issued a threat to release 80GB of compressed data stolen from Reddit during a February 2023 security breach.
The group is demanding a $4.5 million ransom and a reversal of recent API pricing changes.
While the report does not specify the requested payment method, the group would almost certainly request cryptocurrency, typically in the form of Monero (XMR) or Bitcoin (BTC).
Reddit confirmed the breach earlier this year, which allowed hackers to access internal documents, code and business systems, but there was no evidence that user accounts were compromised or production systems were breached.
The BlackCat group's demands were made public via posts on its leak site, a common tactic used by ransomware groups to put pressure on victims.
Alvieri shared a screenshot of the group's demands on Twitter. Although BlackCat is a ransomware group, no devices were encrypted during this attack; instead, a large amount of data was exfiltrated. The specific details of the stolen data have not yet been disclosed.
According to the group's post, they successfully hacked into Reddit's servers on February 5, 2023 and extracted 80GB of compressed data.
It is unclear whether the number refers to the compressed or uncompressed size of the data. The group claims to have contacted Reddit on April 13 and June 16, demanding a payment of $4.5 million for the deletion of the data. They also warned that if the extortion attempt had to be made public, they would demand a reversal of the API pricing changes.
The likelihood that Reddit will comply with these requests is slim. BlackCat appears to be taking advantage of the media attention that Reddit is currently receiving due to a collective blackout in protest of API pricing. Unlike most criminals, who generally prefer to avoid the spotlight, ransomware attackers often seek publicity and media coverage.
If BlackCat does release the stolen Reddit data, it is unlikely to include user data such as account details, passwords, or payment information.
Reddit has maintained that its production systems that hold such data were not breached. Instead, BlackCat hinted at revealing “all the statistics they track about users,” as well as data about how Reddit “silently censors users.”
While it’s uncertain to what extent Reddit users will care about shadowbans and tracking systems, this could fuel further protests against the platform.
As of now, Reddit has not confirmed any of the gang’s claims regarding the ransom request and the type of data it claims to have. We will provide updates as more information becomes available.