Tag Archive for: Reddit

Hackers Threaten To Leak 80GB of Confidential Data Stolen From Reddit


Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom demand – and reverses its controversial API price hikes, TechCrunch reported.

According to TechCrunch, in a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data from Reddit during a February breach of the company’s systems.

Reddit spokesperson Gina Antonini declined to answer TechCrunch’s questions, but confirmed that BlackCat’s claims relate to a cyber incident confirmed by Reddit on February 9. At the time, Reddit CEO Christopher Slowe, or KeyserSosa, said that hackers had accessed employee information and internal documents during a “highly-targeted” phishing attack. Slowe added that the company had “no evidence” that personal user data, such as passwords and accounts, had been stolen.

Bleeping Computer reported that on February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack.

According to Bleeping Computer, the phishing attack allows the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.

As first spotted by Dominic Alvieri and shared with Bleeping Computer, the ALPHV ransomware operation, more commonly known as BlackCat, now claims to be behind the February 5th cyberattack on Reddit.

In a “Reddit Files” post on the gang’s data leak site, the threat actors claim to have stolen 80 GB of compressed data from the company during the attack and now plan on leaking the data.

The threat actors say they attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the data to be deleted but did not receive a response.

Bleeping Computer posted a screenshot of the information from ALPHV. Here are some:

“…I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data.

“But I am very happy to know that the public will be able to read…

Source…

Hackers threaten to leak stolen data if Reddit doesn’t reverse API changes


The situation surrounding Reddit’s changes to its API continues to get even weirder. Earlier this year, a ransomware group used a sophisticated phishing attack to steal 80GB of data from Reddit. Now, ransomware group BlackCat is claiming responsibility for that hack and threatening to release that information if Reddit doesn’t reverse its API changes and pay a $4.5 million ransom…

As spotted by Bleeping Computer, researcher Dominic Alvieri spotted BlackCat’s announcement today in which it threatens to release the data publicly if Reddit doesn’t meet its demands.

BlackCat is demanding that Reddit not only pay that $4.5 million ransom but also reverse its controversial API changes that will kill many third-party apps. BlackCat was previously waiting for Reddit’s long-awaited IPO to claim responsibility for this breach but has instead opted to seize on the ongoing controversy surrounding those API changes.

I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We are very confident that Reddit will not pay any money for their data. But I am very happy to know that the public will be able to read about all the statistics they track about their users and all the interesting confidential data we took.

In our last email to them, we stated that we wanted $4.5 million in exchange for the deletion of the data and our silence. As we also stated, if we had to make this public, then we now demand that they also withdraw their API pricing changes along with our money or we will leak it.

Reddit publicly acknowledged the security incident back in February, saying that it was a “sophisticated and highly-targeted phishing attack.” The attackers sent “plausible-sounding prompts” redirecting employees to a website that cloned the behavior of the company’s intranet. As a result, the attackers were able to steal credentials and two-factor tokens.

Based on our investigation so far, Reddit user passwords and accounts are safe, but on Sunday night (pacific time), Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack. They gained access to…

Source…

Documents, Code, Business Systems Accessed in Reddit Hack


Reddit on Thursday informed users that its systems were hacked as a result of what the company described as a sophisticated and highly targeted phishing attack aimed at employees.

According to Reddit, the intrusion was detected on February 5. The hackers gained access to some internal documents, source code, internal dashboards and business systems. 

Up until this point in the investigation, Reddit has determined that the exposed information includes limited contact information for hundreds of contacts and current and former employees, as well as some advertiser information. 

“Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online,” Reddit said. 

There is no indication that user passwords or accounts have been compromised. The company also said there is no evidence of a breach of production systems, where the platform runs and where a majority of its data is stored.

The data breach was discovered after an employee informed Reddit’s security team that they had fallen for a phishing attack. The attackers targeted Reddit employees with “plausible-sounding prompts” that led them to a phishing website mimicking its intranet gateway. 

A Reddit representative noted in an AMA (Ask Me Anything) thread that the employee whose credentials were phished did have two-factor authentication (2FA) enabled on their account, as the company requires it for all employees. 

However, it seems that the phishing page targeted not only employee credentials, but also their second-factor tokens. 

Several major tech companies were targeted in sophisticated phishing attacks in the past months. One of them is Zendesk, which revealed recently that some employees handed over their credentials to threat actors in the fall of 2022. 

At around the same time, companies such as Twilio, Cloudflare and at least 130 others were targeted in a phishing campaign dubbed Oktapus, which appeared to be the work of financially-motivated threat actors.

Related: Reddit Names Allison Miller as CISO, VP of…

Source…

Twitch And Reddit Ramp Up Their Enforcement Against ‘Hateful’ Content

On Monday, both Twitch and Reddit ramped up their efforts to deal with various forms of hateful content on their platforms — and both of them ended up shutting down some forums related to President Trump — which inevitably (but incorrectly) resulted in people again screaming about “anti-conservative bias.” Reddit kicked things off by announcing new content policies (which you can read here). The key change was an expanded rule against communities that “promote hate based on identity or vulnerability.”

Based on that, Reddit has permanently shuttered around 2,000 subreddits, including, most notably the r/The_Donald subreddit for Trump fans. However, as if they were expecting the bogus claims of anti-conservative bias to show up in response, Reddit also shut down r/ChapoTrapHouse, which might be considered the flip side to The_Donald subreddit, but from the left end of the traditional political spectrum. Both communities were known for their anger spewing wackos. Reddit painted its decision to suspend both as a way to show that it is applying the rules equally across all its subreddits:

All communities on Reddit must abide by our content policy in good faith. We banned r/The_Donald because it has not done so, despite every opportunity. The community has consistently hosted and upvoted more rule-breaking content than average (Rule 1), antagonized us and other communities (Rules 2 and 8), and its mods have refused to meet our most basic expectations. Until now, we’ve worked in good faith to help them preserve the community as a space for its users—through warnings, mod changes, quarantining, and more.

Though smaller, r/ChapoTrapHouse was banned for similar reasons: They consistently host rule-breaking content and their mods have demonstrated no intention of reining in their community.

To be clear, views across the political spectrum are allowed on Reddit—but all communities must work within our policies and do so in good faith, without exception.

Of course, because content moderation at scale is impossible to do well, I’ve already seen plenty of complaints about other Reddit forums that the site failed to take down. And I fully expect that at some point a forum will be shut down by overzealous moderators. Because that’s the nature of content moderation.

Meanwhile, over on the Twitch side, the site has been coming under increasing attacks for enabling a lot of harassment. Since much of Twitch is live-streaming, it’s that much more impossible to monitor. Last week, the company promised to take harassment claims more seriously and began suspending some users. On Monday, that included a temporary ban of the president’s campaign account on the site. Apparently, the move was in response to comments made at recent Trump rallies, that Twitch claims violated its policies.

Twitch pointed to comments made at two rallies that led to its decision. At a campaign rally in 2016, which was recently rebroadcast on the platform, Trump said Mexico was sending over its bad actors, such as rapists or drug dealers. Twitch also pointed to Trump’s recent Tulsa rally, where he told a fictional story of a ‘tough hombre’ invading someone’s home.

“Hateful conduct is not allowed on Twitch. In line with our policies, President Trump’s channel has been issued a temporary suspension from Twitch for comments made on stream, and the offending content has been removed,” a Twitch spokesperson told CNBC.

Again, these platforms are in an impossible position — which we detailed in our post about the content moderation impossibility theorem. If they do nothing, tons of people will call out these platforms for inaction. But in pulling down these accounts, a bunch of other people will now be furious as well. And sooner or later these platforms will pull down other accounts that lots of other people (no matter what they’re political leanings) will get upset about as well. This is the nature of content moderation.

Techdirt.