After Hacking Reddit, Hackers Threaten to Leak Stolen Data

Daniel ZimmermannJune 21, 2023

0 85 2 minutes read

During the February hack of Reddit, hackers managed to compromise one of the employees and gain access to internal business systems, steal internal documents and a source code.

The BlackCat hacker group (ALPHV) has now claimed responsibility for the attack, and the attackers claim to have stolen 80GB of data.

Let me remind you that we also wrote that Reddit launches a public bug bounty program, and it is also interesting to recall that Unknowns hacked accounts of Reddit moderators for campaigning for Trump.

Let me remind you that the Reddit hack occurred in early February 2023. At the time, Reddit representatives reported that the attackers used a phishing bait and attacked employees, trying to lure them to a landing page that mimicked one of the company’s intranet sites. This site was used to steal credentials and two-factor authentication tokens. Unfortunately, one of the employees fell for the hackers.

As shown by the investigation, hackers gained access to some internal documents, code, as well as a number of internal dashboards and business systems. In addition, the stolen data included information about the company’s contacts and the contact details of some current and former employees, and the stolen files also contained some information about advertisers (but bank card information, passwords and advertising performance indicators were not disclosed).

Although in February, Reddit representatives did not provide almost any details of the incident, the company referred to a similar incident, which Riot Games suffered at the beginning of the year. In January, hackers also compromised one of the employees, penetrated the company’s systems and stole the source code of the League of Legends (LoL) and Teamfight Tactics (TFT) games, as well as an outdated anti-cheat platform.

BlackCat ransomware group (ALPHV) has now claimed responsibility for the attack, according to Bleeping Computer. The message on the group’s website claims that during the attack, hackers stole 80 GB of data from the company and now plan to publish it in the public domain.

Let me remind you that recently BlackCat Group Leaks Western Digital Data to the Network.

Attackers say that twice, on April 13 and June 16 of this year, they tried to contact Reddit, demanding a ransom of $ 4.5 million for data removal, but never received a response.

reddit hack

In my first letter, I told them that I would wait for their IPO. But this looks like a great opportunity! We are fully confident that Reddit will not pay money for their data. And I’m very happy to know that the public will be able to read about all the statistics that they collect about their users and all the interesting confidential data that we received. Did you know that they are quietly censoring users?the attackers write.

Although representatives of Reddit declined to comment, Bleeping Computer confirms that the speech in the message of the hackers is about the same February attack. Journalists also note that although BlackCat is a ransomware group, during this incident, hackers did not encrypt Reddit devices.

Sending