'We Expect to Leak the Data': Reddit Hackers Demand $4.5 Million and API Pricing Changes But Say They Doubt The Company Will Pay The ransomware group BlackCat (also known as ALPHV) is threatening to release 80 gigabytes of data if Reddit doesn't meet the hackers' demands.
Opinions expressed by Entrepreneur contributors are their own.
It hasn't been an easy month for Reddit. Last Monday, thousands of Reddit forums went dark in protest against the company's new API pricing that could cause third-party apps that use the platform, like Apollo, to shut down.
Now, Reddit is the target of the hacking group BlackCat (also known as ALPHV), who claim to have stolen 80 gigabytes of data (which they say they will leak if Reddit doesn't pay $4.5 million), the hackers wrote in a dark web post on Saturday, shared by researcher Dominic Alvieri on Twitter.
The ransomware group claims it was behind the February phishing attack on Reddit, where the stolen data came from. A spokesperson for Reddit has confirmed to Entrepreneur that the recent threat by BlackCat relates to the February incident and is "not a new hack."
The Reddit Files.@Reddit https://t.co/cIUyCWwMlP pic.twitter.com/gyHA7lplvG
— Dominic Alvieri (@AlvieriD) June 17, 2023
The spokesperson added that user data such as passwords were not accessed, but the hackers did "gain access to some internal documents, code, and some internal business systems." Reddit did not indicate whether it intends to pay the ransom. BlackCat, however, is "very confident" that Reddit will "not pay any money for their data," the group wrote in the post: "We expect to leak the data."
Related: Amazon Ring Is the Latest Target of Notorious Ransomware Gang
It's not just millions that the hackers are after, either. In addition to the $4.5 million ransom, BlackCat has demanded that Reddit undo the policy changes to its API, which sparked the site-wide protest.
However, some experts are skeptical of the ransomware group's incentive to support the protestors' cause.
"I suspect that ALPHV doesn't actually care about the API pricing," Brett Callow, threat analyst at cybersecurity firm Emsisoft told CNN. "They simply want future victims to see how much ongoing harm they can cause to increase the likelihood of them deciding that payment is the least painful option."
Related: Cyber Attacks Are on the Rise in Hospitals, Incidences Have More Than Doubled in 5 Years
