Reddit is having its worst month as it faces problem after problem. Countless users and moderators still have an issue with the new API pricing, and now hackers that are presumed to be Reddit's previous perpetrator is joining in the fold.
Reddit Hacker Has Some Demands
The moderators going on protest alone is already a big headache for the social networking site. In addition to that, the ransomware group BlackCat, who claimed responsibility for the attack last February has given Reddit an ultimatum.
The company has to pay the threat actors $4.5 million in ransom and cancel its new API pricing policy, or it would publicize the data that was stolen in the previous attack. It goes without saying that the threat actors are on the protesters' side in this feud.
Around 80 GB of data are at risk of being exposed if the demands aren't met, according to The Verge. The hackers managed to access the company's data including documents, and contact information for employees as well as advertisers through a phishing attack.
Despite the reports, Reddit claims that the hackers didn't actually access any private data, just the ones that were already available to the public. The ransomware group's demand to roll back the API policy brings the protesters closer to victory.
Before the hacker became a factor, Reddit CEO Steve Huffman could have just waited out until things went back to normal, as he referred to the protest as something that "will pass," but it's an entirely different thing to have sensitive data be exposed.
While the $4.5 million ransom can already be a huge loss for the company, rolling back its API policy will mean that it will lose a huge potential source of income, which can generate millions for them each year as third-party apps continue to operate.
Read Also: Reddit CEO Adds New Policy That Lets Users Remove Moderators
February Breach
The previous cyber attack that Reddit had suffered occurred in early February, wherein the threat actors managed to breach its systems, access internal systems, and steal internal documents as well as the source code.
The hackers managed to successfully enter the system by creating a false intranet site that appeared like the real one. It would then target Reddit employees, tricking them into entering credentials and stealing two-factor authentication tokens.
Reddit says that aside from internal documents and code, the threat actors also obtained internal dashboards and business systems. However, there were no signs that it accessed Reddit's primary production system which holds the majority of the company's data.
This means that data like credit card information, passwords, and ad performance were safe from the breach, as mentioned in Bleeping Computer. The social networking site also mentioned that it was similar to an attack conducted against Riot Games.
Although, Reddit is getting a smaller sum for ransom compared to the video game company. After stealing Riot Games' source code for League of Legends and Teamfight Tactics, they demanded a $10 million ransom from the company, as opposed to Reddit's $4.5 million.
Related: Biggest Subreddits Are Now Public Only Posting About John Oliver
