By Hari Haran
Reddit, one of the world’s largest social media platforms, has recently become the target of a cyberattack, resulting in an astonishing 80GB of confidential data being stolen.
This data breach has caused significant alarm among Reddit users and cybersecurity experts, prompting discussions on the nature and severity of the attack. In this blog post, we will be looking at what this attack entails and the implications it may have for Reddit’s security measures.
Details of the Reddit Cyberattack
In late February, the BlackCat ransomware gang, also known as ALPHV, claimed responsibility for a cyberattack on Reddit that resulted in the theft of 80 gigabytes of compressed data. In a message on its website, BlackCat stated that they are
“very confident that Reddit will not pay any money for their data” and that they “expect to leak the data”.
Reddit’s CTO, Christopher Slowe, confirmed the attack, saying that the hackers had accessed employee information and internal documents as the result of a highly-targeted phishing attack.
Reddit did not provide any further information about the attack or who was behind it.
BlackCat has been linked to other attacks, including the March breach of Western Digital and the threat to leak data allegedly stolen from Amazon-owned video surveillance company Ring. To delete the stolen data and to withdraw Reddit’s API pricing changes, BlackCat is demanding $4.5 million.
In a message to Reddit, BlackCat made a tongue-in-cheek reference to the company’s plans to go public: “I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity!” It is unclear whether Reddit plans to respond to BlackCat’s demands.
The Scope of the Data Breach
The cyberattack on Reddit resulted in the theft of a massive 80GB of confidential data. The stolen information includes user email addresses, hashed passwords, private messages, and account credentials. Reddit has confirmed that the hackers accessed a backup from 2007 containing this sensitive data.
Although the passwords were encrypted, the hackers could use sophisticated techniques to decrypt them.
According to Reddit, the stolen data is related to a small percentage of users who had signed up for the platform before 2008.
The sheer volume of the stolen data is a cause for concern. The hackers have threatened to release the stolen information if Reddit fails to pay a ransom demand. This could expose users to phishing scams, identity theft, and other malicious activities.
Data breach also poses a risk to the company’s reputation. Reddit has a vast user base and a significant amount of user-generated content. If the stolen information is released, it could damage trust and confidence in the platform.
The cyberattack also highlights the vulnerability of online platforms and the importance of implementing robust cybersecurity measures.
The scope of the data breach highlights the critical need for companies to safeguard sensitive information and user data.
Even though the breach occurred from a backup file from more than a decade ago, the risks of leaving data vulnerable are the same. Companies should implement proper backup and security protocols to minimize risks and prevent future breaches.
Implementing strong password requirements, multi-factor authentication, and monitoring user accounts for suspicious activities can reduce the risk of cyberattacks.
Also Read This :-
- Meta Launches AI Voicebox
- What is January AI ?
- What is Data Stewards?
- AI development from Sequoia Capital