A ransomware group that hacked into Reddit’s servers in February is threatening to release stolen data if Reddit doesn’t roll back its planned API changes, Bleeping Computer reports (via The Verge).
No one took the blame at the time of the hack, but ransomware group BlackCat said yesterday they were responsible. 80GB of compressed data was stolen via a phishing attack, and BlackCat says the data will be released unless Reddit pays $4.5 million and backs out of API price changes, which go into effect on July 1 step.
The group claims to have “interesting confidential data,” including how Reddit tracks users and censors people. BlackCat does not expect Reddit to cooperate and expects the data to be disclosed.
At the time of the hack, Reddit said no user passwords, accounts, or credit card details were affected, but internal documentation, code, and internal dashboards and business systems were sourced.
BlackCat’s call for an API rollback comes as Reddit prepares to start charging developers for access to its API. Reddit’s fees are putting popular Reddit third-party clients like Apollo out of business, and the API changes have sparked protests in the form of subreddit blackouts.
Reddit CEO Steve Huffman said that given the negative feedback, Reddit has no plans to change its new API business model and that the company is unlikely to change its API pricing due to the risk of data leakage.