Source: securityboulevard.com – Author: Richi Jennings
John-Oliver-pics protest won’t change Reddit policy, but will ransom demand work?
The BlackCat ransomware crew wants Reddit to pay up, or it’ll release internal data, including source code, stolen four months ago. The scrotes, also known as ALPHV, also want Reddit to volte-face on its controversial API pricing policy.
Good luck with that. In today’s SB Blogwatch, we join the protest in the only way we know how.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Parry Hotter and the Valley of Uncan.
And Now, This:
And now, Lawrence Abrams reports—“Reddit hackers threaten to leak data”:
“Did not receive a response”
On February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack. [The] attack allowed the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.
…
While Reddit did not share many details on the phishing attack, they said … that production systems were not breached, and no user passwords, accounts, or credit card information were impacted. … The threat actors say they attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million … but did not receive a response.
How much data? How big a ransom? Let’s turn to Carly Page—“Hackers threaten to leak 80GB”:
“$4.5 million”
Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom demand – and reverses its controversial API price hikes. In a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data.
…
Reddit spokesperson Gina Antonini declined to answer [my] questions but confirmed that BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9. … Reddit didn’t share any further details.
…
The hackers say they are demanding $4.5 million in exchange for deleting the stolen data and for Reddit to withdraw its API pricing changes, [which] have been the subject of much controversy in recent weeks: Popular third-party Reddit app Apollo has announced it’s closing down as a result of the new pricing, and thousands of subreddits last week went dark in protest.
Should users be worried? u/grumpymonk202 thinks not:
Given what Reddit said about the hack … I’d expect 80Gb to be more like the entire contents of [staff] inboxes, internal documents etc. Obviously, as Reddit is mostly public, the obvious dangerous information for users is email addresses, passwords and the contents of private chats or messages. The former is not impossible, but I’d guess 80GB is far too little to contain all private chat or message data.
Whom can we blame? Joeri knows:
[Reddit co-founder and CEO, Steve “spez”] Huffman seems to be drawing inspiration from Elon Musk: … He’s acting like an Elon knock-off. This is why they should replace him, because just like Elon is driving Twitter into the ground, the frantic Elon-like decisions of Huffman are driving Reddit into the ground.
This isn’t about Reddit not being allowed to make money or turn a profit or have a good IPO: The decisions made so far seem to run counter to Reddit’s ability to do just that. Who will buy into an IPO of a burning platform that is at war with its own users? How do you make money from an API that’s too expensive for people to pay for?
What do you think? This Anonymous Coward couldn’t care less:
Is Reddit still a thing in 2023? Who cares? It pollutes search results too. Don’t give a **** about Reddit posts. They’ve never helped me solve a problem. It’s an echo chamber: Utterly useless to society as a whole.
But u/Muffin_soul says you shouldn’t judge Reddit by a few bad apples:
There are plenty of fantastic subs whose value is the community of diverse, knowledgeable, welcoming and supporting members.
And why the John Oliver obsession? sschueller explains:
If this is true, that would be a big nail in the reddit coffin. r/pics voted to continue with the strike by only allowing posts of pictures of John Oliver. I can see other subs starting such things as well.
…
Even if you change out the mods, you will have your hands full of people making protest posts. Somehow I have the feeling some future ML models will have a tendency to render people that look oddly like John Oliver.
Will the protests work? jonnythan isn’t optimistic:
I really hope these protests succeed—even though they won’t. … Intentionally eliminating third party apps by introducing comically high API fees is incredibly anti-user and has pissed off most of their core users and mods. The mods are volunteer workers who basically make Reddit able to exist.
…
There are two reasons, IMO, that it won’t ultimately work:
1) Reddit will simply replace the mods of those subreddits with ones who will agree to open them back up. …
2) There’s nowhere else to go. … There’s nothing else really like it that can absorb the culture.
Meanwhile, u/Translationerr0r sounds slightly sarcastic:
Gee, I hope it didn’t get stolen through some API.
And Finally:
Parry Hotter and the Valley of Uncan
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Neil Grabowsky for Montclair Film Festival (cc:by; leveled and cropped)
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2023/06/reddit-ransomware-blackcat-alphv-richixbw/
Category & Tags: Analytics & Intelligence,API Security,Application Security,Blockchain,Careers,Cloud Security,Cyberlaw,Cybersecurity,Data Security,Deep Fake and Other Social Engineering Tactics,DevOps,DevSecOps,Digital Currency,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Insider Threats,Malware,Most Read This Week,Network Security,News,Popular Post,Ransomware,Securing the Cloud,Securing the Edge,Security at the Edge,Security Awareness,Security Boulevard (Original),Security Challenges and Opportunities of Remote Work,Security Operations,Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,ALPHV ransomware,Blackcat,BlackCat ransomware,Breach,Privacy,reddit,Reddit breach,SB Blogwatch – Analytics & Intelligence,API Security,Application Security,Blockchain,Careers,Cloud Security,Cyberlaw,Cybersecurity,Data Security,Deep Fake and Other Social Engineering Tactics,DevOps,DevSecOps,Digital Currency,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Identity & Access,Identity and Access Management,Incident Response,Industry Spotlight,Insider Threats,Malware,Most Read This Week,Network Security,News,Popular Post,Ransomware,Securing the Cloud,Securing the Edge,Security at the Edge,Security Awareness,Security Boulevard (Original),Security Challenges and Opportunities of Remote Work,Security Operations,Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,ALPHV ransomware,Blackcat,BlackCat ransomware,Breach,Privacy,reddit,Reddit breach,SB Blogwatch
