A ransomware group has claimed responsibility for an apparent security breach at Reddit earlier this year and has threatened to release the stolen data if its demands are not met.
The group, called BlackCat, says it possesses 80GB of data from Reddit and will release it publicly if a $4.5 million payout and a rollback of Reddit’s planned API pricing changes are not facilitated.
According to Bleeping Computer, this data breach had taken place in February this year and involved the phishing of a Reddit employee’s credentials.
At that time, the company’s statement had said that a “sophisticated and highly-targeted” attack was used to get access to internal documents and data, including contact information for employees and advertisers.
A post shared by researcher Dominic Alvieri has the BlackCat group claiming to be in possession of the stolen data and threatening to release it publicly if demands aren’t met.
Interestingly, the demand for the $4.5 million payout is accompanied by the appeal for a rollback of Reddit’s controversial new API pricing changes that are at the base of the company’s recent problems.
Some developers of third-party Reddit apps have claimed that the new API changes could see them having to pay millions of dollars per year to Reddit. They claim that the changes have been introduced with the aim of driving them out of business.
In support of these developers, over 8,000 of Reddit’s communities went dark for 48 hours between June 12 and June 14. While most of them have come back on, some continue to protest in their own unique ways.
The threat of this data leak has added to an already compounded list of Reddit’s problems ahead of its IPO that’s expected to launch this year.