In February, hackers gained access to internal Reddit data through a phishing campaign targeting employees. The hackers want ransom money, plus changes to the controversial API updates. A ransomware group is claiming responsibility for a hack on Reddit’s systems earlier this year, and demanding not just money but policy changes. BlackCat, a ransomware group, says it was behind the February phishing attack on Reddit, as previously reported by Bleeping Computer. In a post shared by researcher Dominic Alvieri, BlackCat claims to have stolen 80GB of data from Reddit and threatens to release it publicly if demands aren’t met.
The group wants a $4.5 million payout in exchange for the data and also demands Reddit roll back its planned API pricing changes that spurred user and moderator protests last week. At the time of the hack, Reddit said hackers had used a “sophisticated and highly-targeted” phishing attack to get access to internal documents and data, including contact information for employees and advertisers. The company maintained that the hackers hadn’t accessed user data that wasn’t public. Reddit declined to comment on the record about the hack.
Bleeping Computer reports that the BlackCat hack and the incident disclosed by Reddit in February are the same. BlackCat’s new demands around API pricing changes follow a contentious back-and-forth between Reddit leadership and some of its most engaged users. After Reddit announced it would begin charging developers of third-party apps — potentially to the tune of millions of dollars a year — many top subreddits went dark in response, limiting new posts and closing public access.
Hacking is a serious offense under both federal and state laws. In the United States, the Computer Fraud and Abuse Act (CFAA) is a federal statute that criminalizes unauthorized access to protected computer systems. If convicted, hackers may face severe penalties, including imprisonment and substantial fines. Additionally, state laws may provide additional charges and penalties depending on the specific circumstances and jurisdiction.
Legal Options for Reddit: In the event that the hackers responsible for the breach are identified and apprehended, Reddit has several legal options available to address the situation:
Criminal Prosecution: Reddit can cooperate with law enforcement agencies to ensure the hackers are brought to justice. By providing any evidence or information related to the breach, Reddit can assist in the criminal investigation and subsequent prosecution. If the hackers are convicted, they may face imprisonment, fines, or both, depending on the severity of the offenses committed.
Civil Lawsuits: Reddit may choose to pursue civil litigation against the hackers to seek damages for the harm caused by the breach. This may include seeking compensation for any financial losses incurred, costs associated with enhancing security measures, and reputational damage suffered as a result of the incident.
Negotiation and Mitigation: In certain cases, Reddit may opt to engage in negotiations with the hackers to mitigate the potential harm caused by the release of stolen data. However, any negotiations should be carefully conducted with the guidance of legal counsel to ensure compliance with the law and protect the interests of Reddit and its users.
Reddit has various legal options at its disposal, including criminal prosecution and civil litigation, to hold the hackers accountable and seek redress for the damages suffered. The ultimate resolution of this matter will depend on the identification and apprehension of the responsible individuals and the subsequent legal actions taken by Reddit.
Comentarios