BlackCat Hacker Group Claims Responsibility for Reddit Hack

Attackers Steal 80GB of Data

In February 2023, Reddit suffered a hack when attackers managed to compromise one of the employees and gain access to the company’s internal business systems, steal internal documents and source code. Now, the BlackCat hacker group (ALPHV) has claimed responsibility for the attack, and the attackers claim to have stolen 80GB of data.
The attack occurred when the hackers used a phishing bait and attacked employees, trying to lure them to a landing page that mimicked one of the company’s intranet sites. This site was used to steal credentials and two-factor authentication tokens. Unfortunately, one of the employees fell for the hackers.
As a result of the attack, hackers gained access to some internal documents, code, as well as a number of internal dashboards and business systems. The stolen data included information about the company’s contacts and the contact details of some current and former employees, and the stolen files also contained some information about advertisers. However, bank card information, passwords and advertising performance indicators were not disclosed.
The attack was similar to the incident that Riot Games suffered at the beginning of the year. In January, hackers also compromised one of the employees, penetrated the company’s systems and stole the source code of the League of Legends (LoL) and Teamfight Tactics (TFT) games, as well as an outdated anti-cheat platform.
BlackCat ransomware group (ALPHV) has now claimed responsibility for the attack, according to Bleeping Computer. The message on the group’s website claims that during the attack, hackers stole 80 GB of data from the company and now plan to publish them in the public domain.
The attackers say they twice, on April 13 and June 16 of this year, tried to contact Reddit, demanding a ransom of $ 4.5 million for the removal of data, but did not receive a response.
“In my first letter, I told them that I would wait for their IPO. But this looks like a great opportunity! We are fully confident that Reddit will not pay money for their data,” the attackers write. “And I’m very happy to know that the public will be able to read about all the statistics that they collect about their users and all the interesting confidential data that we received. Did you know that they are quietly censoring users?”
Although representatives of Reddit declined to comment, Bleeping Computer confirms that the speech in the message of the hackers is about the same February attack. Journalists also note that although BlackCat is a ransomware group, during this incident, hackers did not encrypt Reddit devices.