The February 5th intrusion on Reddit was allegedly carried out by the ALPHV ransomware operation, also known as BlackCat.
Threat actors gained access to Reddit’s systems through a phishing attack, obtaining internal documents, source code, employee data, and some information about the company’s advertisers.
On February 9, Reddit revealed that its systems had been hacked. Threat actors specifically claim to have stolen 80GB of data from the company.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” Reddit CTO Christopher Slowe, formerly known as KeyserSosa, explained in a post.
“We show no indications of a breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
Reddit said that no user passwords, accounts, or credit card details were compromised and that production systems were not compromised.
Threat Actors Demanded $10 Million During The Attack
While the company did not provide many specifics about the phishing attack, it said it was comparable to a phishing attempt on Riot Games that allowed hackers to access networks and obtain the source code for the company’s Packman legacy anti-cheat platform, Teamfight Tactics (TFT), and League of Legends (LoL).
Threat actors requested $10 million during the attack on Riot in exchange for keeping the stolen data a secret.
However, the threat actors tried to sell the data for $1 million on a hacker site after the ransom was not paid.
The ALPHV Ransomware Operation (BlackCat)
Dominic Alvieri was the first to notice that the ALPHV ransomware operation, also known as BlackCat, was responsible for the assault on Reddit.
Threat actors claim to have taken 80 GB of compressed data from the firm during the assault, and they now intend to expose the contents in a “Reddit Files” post on the gang’s data leak website.
Threat actors claim they made two attempts to get in touch with Reddit on April 13 and June 16 and demanded $4.5 million for the content to be deleted, but they got no answer.
“I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data,” threatened the ransomware operation.
“But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took.
Did you know they also silently censor users? Along with artifacts from their GitHub!”
Cyber Security News has been able to confirm that this is the same assault that Reddit announced in February, although Reddit has failed to comment on BlackCat’s statement.
It should be emphasized that although BlackCat is a ransomware group, it did not encrypt any devices during this attack.