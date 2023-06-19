Reddit has been the center of attention during the past few weeks, because it is changing its API rules and adversely affecting third-party apps in the process. A few of the big apps have announced shutdowns, and several major subreddits have gone dark in protest. Now, we are learning of a hacker group threatening to leak 80GB of confidential Reddit data unless the company rolls back the API changes and coughs up a ransom.

A group of bad actors collectively known as ALPHV and infamous for the BlackCat ransomware have claimed responsibility for a major Reddit breach the company acknowledged in February this year. This group was also in the news for targeting Western Digital and Amazon’s surveillance hardware brand Ring in March. ALPHV claims to have stolen around 80GB of compressed data from Reddit systems during the attack, and is now threatening to leak it (via BleepingComputer).

The hackers are holding the data at ransom, and their demands seem simple: Reddit must roll back the API changes and cough up $4.5 million. In posts on the dark web, ALPHV says it contacted Reddit on April 13 and again on June 16, but to no avail. The group also mocked Reddit CEO Steve Huffman, also known as /u/spez. This is a traditional ransomware attack, except Reddit’s systems are still fully operational and the hackers didn’t lock them out.

I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. Pass on the torch, Spez, you’re no longer cut out for this kind of work.

A Reddit spokesperson did not respond to TechCrunch’s request for comment, but confirmed that ALPHV’s threat is based on the February data breach. At the time, Reddit reassured everyone that no customer data, banking information, and user passwords were compromised.The hackers only gained access to internal documents and code running the website.

The hacker’s claims and demands are bold, but they also haven’t shown proof of having the stolen data. It remains to be seen if Reddit will roll back the API changes, whether as a part of caving in to ALPHV’s demands, or otherwise.