The BlackCat ransomware crew is taking responsibility for the February cyberattack on Reddit, and is threatening to leak internal data it claims to have stolen during the breach.
In February, Reddit disclosed that a “sophisticated and highly-targeted phishing attack” on its employees led to a hack of the popular discussion platform.
An initial investigation revealed that the attacker(s), although unknown at the time, had accessed internal docs, code, internal dashboards and business systems, limited contact information for hundreds of company contacts and employees (current and former), as well as some advertiser information.
Late last week, the BlackCat ransomware operation took credit for the hack, threatening to leak 80 GB of “zipped” data stolen in the attack if a ransom is not paid. BlackCat notably hasn’t encrypted (or hasn’t been able to encrypt) the endpoints compromised in the breach.
In a post on the BlackCat data leak site, titled “The Reddit Files,” the hackers claim they don’t expect Reddit to meet their ransom demands, and trash the platform’s CEO, Steve Huffman, in what seems to be more of a hate operation than anything else.
“We are very confident that Reddit will not pay any money for their data,” the crew wrote, as shared in a screenshot by security researcher Dominic Alvieri.
“But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took,” the post author wrote.
The post itself already purports to show internal files, including photos of Reddit employees.
BleepingComputer contacted Reddit hoping to get a comment on BlackCat’s claims, but has yet to receive a statement.
In a flash alert released last year, the FBI said BlackCat had breached more than 60 organizations within just a few months. Today, that number is likely much higher, with the hacking crew continuing to compromise vulnerable IT networks.
In February this year, BlackCat also claimed responsibility for an attack on Lehigh Valley Health Network (LVHN), a healthcare organization based in Allentown, in the Lehigh Valley region of Pennsylvania. The hackers were allegedly denied a ransom after the attack failed to disrupt operations.