The threat actors are now planning to leak the data, as they did not receive the ransomware amount demanded by them. February Cyberattack on Reddit On February 9, 2023, Social news aggregation and discussion website Reddit revealed that their systems were hacked in a sophisticated and highly-targeted phishing attack on February 5, 2023, after an employee fell victim to a phishing attack. This phishing attack allowed the threat actors to access employees’ credentials, some internal documents, source code, some internal dashboards and business systems, and limited advertiser information. According to Reddit, they became aware of the phishing attack on Sunday (February 7, 2023) after the affected employee self-reported the incident to the Security team soon after being phished. The company stressed that it had found no evidence of the breach of its primary production systems (the parts of its stack that run Reddit and store the majority of the site’s data). Also, the attackers could not access user passwords, accounts, or credit card information. Additionally, the company added that there was no evidence that the information stolen from Reddit was published or distributed online. “Exposure included limited contact information for (currently hundreds of) company contacts and employees (current and former), as well as limited advertiser information,” Christopher Slowe, aka KeyserSosa, Reddit CTO, explained in a post. “Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online.” In response to the incident, Reddit’s Security team quickly changed the status of the account by removing the infiltrator’s access to Reddit systems. The site even started an internal investigation into the incident. BlackCat Claims Responsibility Behind Reddit Hack Now, months after the security breach, ransomware Gang BlackCat (ALPHV) has claimed responsibility for the February 5 cyberattack on Reddit. The post was first spotted by Dominic Alvieri, a cybersecurity analyst and security researcher, on the gang’s data leak site in a “Reddit Files” post. He later shared the screenshot of the post from AlphV’s site on his Twitter handle. According to the post, the ALPHV claims to have stolen 80GB of compressed data in the February cyberattack. The gang attempted to contact Reddit officials on April 13th and June 16th and demanded $4.5 million in exchange for the deletion of data. However, they did not receive a response from Reddit; hence, they are now planning to leak the data. The hackers also threatened Reddit to withdraw their API pricing changes. The group also threatens to release data surrounding the statistics that they track about users as well as the company also silently censors users. “I instructed them in my first e-mail that I might wait for his or her IPO to return alongside. However this looks like the proper alternative! We’re very assured that Reddit is not going to pay any cash for his or her information,” threatened the ransomware operation. “However I’m very joyful to know that the general public will have the ability to examine all of the statistics they observe about their customers and all of the fascinating confidential information we took. Do you know in addition they silently censor customers? Together with artifacts from their GitHub!” Although Reddit has refused to comment on BlackCat’s post, BleepingComputer has independently verified and confirmed that the group is talking about the same attack disclosed by Reddit in February 2023.