Reddit, the popular social media platform, is currently grappling with the fallout of a security breach by the BlackCat ransomware gang, also known as ALPHV. The group has claimed responsibility for a February 2023 cyberattack, asserting that they have stolen 80 gigabytes of compressed data from Reddit’s systems12.
The BlackCat gang has since threatened to leak this confidential data unless their demands are met. Alongside a $4.5 million ransom for the deletion of the stolen data, they are also insisting that Reddit reverses its contentious new API pricing changes. The group reportedly made its first demand in April 2023 and followed up in June 2023 after receiving no response from Reddit12.
The security breach itself dates back to early February, when Reddit’s systems were reportedly compromised in a “sophisticated and highly targeted phishing attack”12. Initially, Reddit claimed that the hackers had accessed employee information and internal documents, but they found “no evidence” that personal user data, such as passwords and accounts, had been stolen13.
Amid this security crisis, Reddit’s new API pricing plans have stirred considerable controversy among its user base. Popular third-party Reddit app Apollo announced its closure as a result of the new pricing, and thousands of subreddits, including r/music and r/videos, went dark in protest13. Critics argue that the pricing changes, which charge $0.24 per 1,000 API calls, could rack up costs in the tens of millions of dollars annually for popular third-party apps that rely on the API to enhance the Reddit experience for forum moderators and users3.
While some believe that Reddit’s pricing changes are an attempt to drive more users towards the official Reddit app, the company’s CEO, Steve Huffman, has stated that the pricing plan is a necessary measure for the company to turn a profit. Huffman also alluded to the vast amount of training data extracted from Reddit by developers of next-gen AI models, asserting that Reddit should get a share of these developers’ fortunes by making them pay for API access3.
As of now, Reddit has not publicly responded to the ransom demands or indicated plans to reverse its API pricing changes. However, the company’s refusal to meet these demands could potentially lead to the public release of the stolen data131.
This data breach comes on the heels of Reddit’s struggles with backlash over its API pricing changes and recent layoffs3. Furthermore, it’s worth noting that the BlackCat gang has previously been linked to significant cyberattacks on Western Digital and Australian law firm HWL Ebsworth, among others13.
(Note: Further updates to this story may become available after the time of writing, and it is recommended to check the latest news for the most current information.)
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
CONSENT
2 years
YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
VISITOR_INFO1_LIVE
5 months 27 days
A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC
session
YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id
never
YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
