ALPHV hackers threaten to release 80GB of stolen data from Reddit unless $4.5 million ransom is paid

A group of hackers has issued a threat to release approximately 80GB of confidential data that they claim to have stolen from Reddit . The cybercriminals, known as BlackCat/ALPHV, have demanded a ransom of $4.5 million in exchange for deleting the stolen information.

The group initiated their attack on Reddit back in February 2023, gaining unauthorized access to internal documents, code, and certain business systems. While Reddit assures users that their passwords and accounts were not compromised, limited contact information for company contacts and employees, as well as some advertiser information, were exposed. Reddit promptly launched an internal investigation, with their security team responding swiftly to secure their systems.

The hackers, however, have now taken responsibility for the attack on a post on its dark web leak site and claim that Reddit failed to respond to their previous attempts at contact. They criticize Reddit's CEO, Steve Huffman, and threaten to leak the stolen data if their demands are not met. The group demands a ransom of $4.5 million for the deletion of the stolen data and insist on the withdrawal of Reddit's API pricing changes. The post about Reddit files on ALPHV dark web leak site

It's worth noting that the BlackCat/ALPHV ransomware gang has been active since November 2021, with a list of victims that includes SOLAR INDUSTRIES INDIA, an industrial explosives manufacturer, US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., fashion giant Moncler, Swissport, NCR, and Western Digital. The group's ransom demands have ranged from tens of thousands of dollars to tens of millions of dollars.

Reddit is now faced with the daunting challenge of dealing with this breach, coordinating efforts with law enforcement agencies, and engaging external cybersecurity experts to minimize the fallout. The company's utmost priority remains safeguarding user privacy and security while striving to rectify the situation and prevent similar incidents from occurring in the future. Reddit users are advised to exercise caution, reset their passwords, and enable two-factor authentication to ensure their accounts' safety.