Black Cat Ransomware Gang Claims 80 GB of Stolen Reddit Data
In February, Reddit, the social news aggregation platform, experienced a security breach in which unauthorized individuals gained access to internal documents, code, and certain business systems.
The company disclosed that it fell victim to a sophisticated and targeted attack on February 5, 2023. The attack took the form of a highly targeted phishing campaign directed at Reddit employees. User passwords and accounts were not compromised in this incident.
The spear-phishing messages redirected users to a website that mimicked the company's intranet gateway. The landing page of this website was designed to trick victims into providing their login credentials and second-factor authentication tokens.
According to a notice released by the company, the phishing campaign was discovered late on February 5, 2023 (PST). The attackers used plausible-sounding prompts to direct employees to the clone website of Reddit's intranet gateway, aiming to steal their login information and second-factor tokens.
Once the attackers obtained the credentials of a single employee, they were able to gain access to certain internal documents, code, internal dashboards, and business systems. The primary production systems of the company were not compromised.
The notice further states that the exposure was limited to some contact information of current and former company contacts and employees, as well as limited advertiser information. The initial investigation conducted by Reddit's security, engineering, and data science teams found no evidence suggesting that any non-public data had been accessed, published, or distributed online.
Upon discovering the incident, the affected employee self-reported the phishing attempt, leading to an internal investigation to assess the extent of the breach. Reddit's Security team promptly responded to the incident by blocking the intruders' access.
Subsequently, the BlackCat/ALPHV ransomware gang claimed responsibility for the February cyberattack on Reddit. The group claims to have stolen 80 GB of data (compressed) from the platform. They attempted to contact Reddit twice, on April 13 and June 16, but were unsuccessful.
Black Cat Publishes Claims of 80 GB Stolen from Reddit
The ransomware group published a message on its Tor data leak site, stating that they broke into Reddit on February 5, 2023, and acquired 80 gigabytes of data. They mentioned emailing Reddit twice but did not attempt to determine the exact nature of the stolen data. Additionally, the group criticized Steve Huffman, Reddit's CEO, for his actions and referenced previous instances involving business leaders during public company events. They expressed confidence that Reddit would not pay any ransom for the stolen data and seemed eager for the public to have access to the statistics and confidential information they had obtained.
The BlackCat/ALPHV group is demanding $4.5 million to delete the stolen data. This cybercriminal organization has been active since November 2021 and has targeted various victims, including SOLAR INDUSTRIES INDIA (an industrial explosives manufacturer), NJVC (a US defense contractor), Creos Luxembourg S.A. (a gas pipeline company), Moncler (a fashion giant), Swissport, NCR, and Western Digital.
The ransom demands from this group have varied, ranging from tens of thousands of dollars to tens of millions of dollars, depending on the victim.