Reddit says ransomware posting connected to February incident

Social media giant Reddit said recent claims by a notorious ransomware group are connected to an incident they announced in February.

On Saturday, the BlackCat/AlphV ransomware group threatened the company with claims that 80GB of stolen data would be released to the public if they were not paid $4.5 million. The gang also demanded the company end its controversial decision to charge third parties for using its API.

A Reddit spokesperson declined to comment on the situation but told Recorded Future News that the claims are tied to a February security incident that they published a blog post about and discussed on their own platform.

On February 9, the company said it experienced a “data security incident” where its internal systems were accessed through a “sophisticated phishing campaign.”

#BlackCat (#ALPHV) #ransomware group claims to have #hacked #Reddit (@Reddit), a US-based social news aggregation, content rating, and discussion site... pic.twitter.com/lNfAZIKdGL

— BetterCyber (@_bettercyber_) June 17, 2023

The company became aware of the incident on February 5 and said hackers were able to gain one employee’s credentials, giving them access to “some internal documents and internal business information.”

Law enforcement was notified after the hacker was removed from their systems.

“The information that was accessed may have included limited Reddit code, limited contact information for a small number of company contacts and employees (current and former), as well as limited advertiser information (no high risk data was accessed such as credit card details, company financial information, account passwords, campaign strategy or performance),” the company said.

“Production systems, including Reddit Ads platform, were not impacted and continue to operate as normal. Based on our investigation thus far, we have no evidence to suggest that any Reddit information has been published or distributed online.”

On Saturday, BlackCat ransomware actors announced that they were behind the incident and said the company had ignored two attempts to establish contact – once in April and another on June 16.

Reddit did not respond to questions about whether a ransom would be paid. The gang said it expects to leak the data at some point in the future but did not put a deadline on the claims.

Many experts said the hackers associated with the ransomware gang were also the people behind the Darkside ransomware group – which was responsible for the cyberattack on Colonial Pipeline.

The gang recently announced attacks on legal document platform Casepoint and payment processing giant NCR. Hackers also used their leak site to extort data storage giant Western Digital.