BlackCat hackers threaten to leak 80GB worth of Reddit data

19 Jun 2023

Ransomware group BlackCat are reportedly demanding $4.5m from Reddit and asking it to withdraw its API pricing changes.

Hackers who claim to have compromised Reddit’s systems back in February are now threatening to release up to 80GB of confidential data unless the company pays a ransom and backtracks on its controversial API price hikes.

According to a TechCrunch report, a ransomware gang known as BlackCat has taken responsibility for the earlier cyberattack and threatened to make the confidential data public without revealing much about the contents or providing proof of its attack’s success.

A Reddit spokesperson confirmed to the outlet that the BlackCat threat relates to the February breach the company had announced.

Reddit chief technology officer and founding engineer Christopher Slowe wrote in a post on 9 February that the website was targeted by a “sophisticated and highly targeted” phishing attack in which hackers gained access to some internal documents, code and internal business systems.

“We have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online,” Slowe wrote at the time.

“Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information.”

In a post on its dark web leak site, BlackCat said it is demanding $4.5m in exchange for deleting the stolen data. The group also wants Reddit to withdraw its API pricing changes, which have caused widespread protests from regular users of the social news and discussion website.

API pricing controversy

Essentially, Reddit is planning to monetise access to its APIs, which has been criticised by developers and users. Multiple subreddits were restricted or changed to private last week as a response to API changes that Reddit CEO Steve Huffman has continued to defend.

“Please know that our teams are on it, and like all blowups on Reddit, this one will pass as well,” Huffman said last week in a memo shared by The Verge. “We have not seen any significant revenue impact so far and we will continue to monitor.”

At the time, Huffman doubled down on the API decision in this memo and claimed that the only “long-term solution” is improving Reddit.

In the case of social media sites like Twitter and Reddit, APIs allow third parties to obtain publicly available data from these platforms, which can be used to create external apps with various uses. They also help researchers collect website data for various projects.

In February, Dr Jon-Patrick Allem of the University of Southern California said the removal of a free API would delay the gathering of potential knowledge and “ultimately reduce the number of participants working to understand the world around us”.

Vish Gain is a journalist with Silicon Republic
