BlackCat ransomware gang behind Reddit breach from February



The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.

On February ninth, Reddit disclosed that its systems were hacked on February fifth after an employee fell victim to a phishing attack.

This phishing attack allowed the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.

“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explained a post by Reddit CTO Christopher Slowe, aka KeyserSosa.

“We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”

However, Reddit said that production systems were not breached, and no user passwords, accounts, or credit card information were impacted.

While Reddit did not share many details on the phishing attack, they said it was similar to a phishing attack on Riot Games that allowed hackers to gain access to systems and steal source code for League of Legends (LoL), Teamfight Tactics (TFT), and the company’s Packman legacy anti-cheat platform.

During the attack on Riot, the threat actors demanded $10 million not to leak the stolen data. However, when a ransom was not paid, the threat actors tried to sell the data for $1 million on a hacking forum.

Forum post selling Riot Games source code
Source: BleepingComputer

BlackCat behind Reddit hack

As first spotted by Dominic Alvieri and shared with BleepingComputer, the ALPHV ransomware operation, more commonly known as BlackCat, now claims to be behind the February fifth cyberattack on Reddit.

In a “Reddit Files” post on the gang’s data leak site, the threat actors claim to have stolen 80 GB of compressed data from the company during the attack and now plan on leaking the data.

The threat actors say they tried to contact Reddit twice, on April thirteenth and June sixteenth, demanding $4.5 million for the data to be deleted, but did not receive a response.

“I told them in my first email that I’d wait for their IPO to come along. But this seems like the perfect opportunity! We’re very confident that Reddit will not pay any money for their data,” threatened the ransomware operation.

“But I’m very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took. Did you know they also silently censor users? Along with artifacts from their GitHub!”

“The Reddit Files” post on BlackCat data leak site
Source: BleepingComputer

While Reddit declined to comment about BlackCat’s post, BleepingComputer has been able to confirm that this is the same attack disclosed by Reddit in February.

The same hacking group is believed to be linked to a similar attack on Western Digital in March 2023, causing a massive outage to the company’s My Cloud cloud service.

While the threat actors behind the Western Digital attack initially claimed not to have a name, screenshots of the stolen data were leaked on the ALPHV data leak site, with the threat actors taunting the company about the attack.

Western Digital sent data breach notifications in May, warning online store customers that their data was stolen during the attack.


