The ALPHV ransomware gang is demanding Reddit pay $4.5 million and stop the company’s plan to charge for API access or else data will be leaked.
(Photo Illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images)
As it turns out, the Reddit hack back in February may have resulted in a ransomware gang stealing 80GB of data from the social media platform.
The claim comes from the ALPHV/Blackcat ransomware group, which has been trying to extort Reddit into paying to keep data private.
“The operators sent emails to Reddit twice, once on April 13 and once on June 16,” the group claimed. “There was no attempt to find out what we took.”
The ALPHV gang, which is likely based in Russia, is now demanding that Reddit pay $4.5 million or else it will leak the data on the group’s Dark Web site. However, ALPHV’s post indicates that Reddit has no plans to bribe the ransomware gang.
In response, ALPHV is taking advantage of recent news about Reddit, which is facing protests from users angry about the company’s plan to charge for API access, which risks shutting down several third-party apps.
“We are very confident that Reddit will not pay money for your data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting sensitive data we take,” the gang stated in its post. “Did you know that they also silently censor users? Along with artifacts from his GitHub!”
In addition to the $4.5 million extortion fee, ALPHV is demanding that Reddit cancel its plan to charge for API access or else release the stolen data. The group also shot Reddit CEO Steve Huffman, who goes by Spez and has faced widespread criticism for his handling of the blackout protest. “Pass the torch Spez, you are no longer cut out for this kind of work,” the group wrote.
Reddit declined to comment on the ransomware lawsuit. But the social media platform noted that the hackers only gained access “to some internal documents, code and some internal business systems.” No user accounts or passwords were compromised. To breach Reddit, the hackers used (Opens in a new window) phishing messages that successfully targeted a company employee.