Tech Specter

💡A place where we bring every part of technology to light.

Home » How hackers are holding Reddit hostage for $4.5 million and API rollback

How hackers are holding Reddit hostage for $4.5 million and API rollback



Reddit, one of the world’s most prominent social media networks, is under attack from a group of hackers who claim to have stolen 80GB of data from the company’s servers. The hackers, known as BlackCat, are seeking a $4.5 million ransom and the reversal of Reddit’s controversial API price changes, which have enraged many users and developers.

What happened?

According to Bleeping Computer, BlackCat was behind the February 2023 phishing attack on Reddit employees. The hackers gained access to corporate documents and data, including employee and advertiser contact information. Reddit confirmed the incident at the time, but stated that no non-public user data had been compromised.

However, on June 19, BlackCat posted a message on a dark web forum, claiming to have “interesting confidential data” that includes information on how Reddit tracks users and censors people. The hackers threatened to release the data publicly if their demands are not met by June 30.

What are their demands?

BlackCat demands two things from Reddit: a $4.5 million ransom in exchange for the data, and a reversal of Reddit’s planned API pricing adjustments, which are slated to go into effect on July 1.

The API fee adjustments are causing friction between Reddit and some of its most active users. Reddit said that it would begin charging third-party app developers for access to its API, potentially costing them millions of dollars every year. In response, many popular subreddits went dark, blocking new postings and closing public access.

Reddit CEO Steve Huffman defended the decision, saying that the platform was “never designed” to support third-party apps and that the company wouldn’t pull back from its proposed changes. He also said that Reddit would offer subsidies and discounts to some developers who can’t afford the fees.

What is Reddit doing about it?

Reddit declined to comment on the incident or the ransom demands on the record. However, the corporation is unlikely to give in to the hackers’ threats because doing so would set a hazardous precedent and encourage further attacks in the future.

Since the hack, Reddit has been trying to improve its security procedures, including adopting two-factor authentication for all workers and changing passwords for affected accounts.

In 2018, a hacker obtained access to user data, including email addresses and outdated usernames and passwords, on Reddit.