BlackCat ransomware group claims major cyber attack on Reddit; threatens to leak stolen data

The infamous BlackCat (ALPHV) ransomware gang has claimed responsibility for a significant cyber attack Reddit suffered earlier this year and has threatened to leak the stolen files.

Earlier this year, social news aggregator Reddit said that it became aware of a security incident on 5th February. It said the incident occurred a result of a “sophisticated phishing campaign that targeted Reddit employees” which resulted in an employee falling victim to the trap.

“As in most phishing campaigns, the attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behaviour of our intranet gateway, in an attempt to steal credentials and second-factor tokens,” Reddit www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="2">said.

After the threat actor successfully obtained the employee’s credentials, they gained access to the company’s internal systems, internal documents, and code, as well as some internal dashboards and business systems.

The hacker also accessed contact information for company contacts and employees (former and current) and some advertiser information. Reddit clarified that there is no indication that its primary production systems were breached.

“Based on several days of initial investigation by security, engineering, and data science (and friends!), we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit’s information has been published or distributed online,” Reddit said.

According to security researcher Dominic Alvieri, the BlackCat (ALPHV) ransomware gang has claimed responsibility for the cyber attack on Reddit and is now threatening to leak the stolen files.