Reddit's week appears to have gone from bad to worse, as AlphV (aka BlackCat) has claimed that operators broke into Reddit's servers on February 5, 2023, and took 80 GB of zipped data. Furthermore, Reddit has been contacted by BlackCat, once on April 13 and again on June 16, with no response and no attempt to find out what was taken.
Following recent fallout from the subreddit blackouts, and the controversial comments from CEO Steve Huffman, Reddit has been having a tough time in the eyes of its users who have been reportedly leaving the platform and setting up alternatives on the fediverse (such as Lemmy or kbin), used by the Twitter alternative Mastodon.
The post, captured above, also goes on to state that publishing the breach publicly now is a good time given the recent news, saying that originally they would have waited for the IPO to come along. Furthermore, they say that they wanted $4.5 million in exchange for the deletion of the data and their silence.
In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it.
We expect to leak the data.
Reddit originally posted on its blog and on the /r/reddit subreddit when contacted in February, with details of their investigation and on what data was compromised. It says in the post on the subreddit below that while it doesn't have a comment specifically on this threat, it provides reassurance to its users that user passwords and accounts are safe.
"Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to some internal documents, code, and some internal business systems."