{
	"id": "26ac9967-b2be-47fb-a0c1-8b0cac6efca3",
	"created_at": "2026-04-06T00:18:53.649032Z",
	"updated_at": "2026-04-10T03:29:39.954121Z",
	"deleted_at": null,
	"sha1_hash": "4599c81f27e04f2ffef748c2cd6c2b8a60f2f906",
	"title": "Reddit hackers threaten to leak data stolen in February breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3639002,
	"plain_text": "Reddit hackers threaten to leak data stolen in February breach\r\nBy Lawrence Abrams\r\nPublished: 2023-06-18 · Archived: 2026-04-05 13:39:32 UTC\r\nThe BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have\r\nstolen 80GB of data from the company.\r\nOn February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing\r\nattack.\r\nThis phishing attack allowed the threat actors to gain access to Reddit's systems and steal internal documents, source code,\r\nemployee data, and limited data about the company's advertisers.\r\nhttps://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\n\"After successfully obtaining a single employee's credentials, the attacker gained access to some internal docs, code, as well\r\nas some internal dashboards and business systems,\" explained a post by Reddit CTO Christopher Slowe, aka KeyserSosa.\r\n\"We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the\r\nmajority of our data).\"\r\nHowever, Reddit said that production systems were not breached, and no user passwords, accounts, or credit card\r\ninformation were impacted.\r\nWhile Reddit did not share many details on the phishing attack, they said it was similar to a phishing attack on Riot\r\nGames that allowed hackers to gain access to systems and steal source code for League of Legends (LoL), Teamfight Tactics\r\n(TFT), and the company's Packman legacy anti-cheat platform.\r\nDuring the attack on Riot, the threat actors demanded $10 million not to leak the stolen data. However, when a ransom was\r\nnot paid, the threat actors attempted to sell the data for $1 million on a hacking forum.\r\nForum post selling Riot Games source code\r\nSource: BleepingComputer\r\nBlackCat behind Reddit hack\r\nAs first spotted by Dominic Alvieri and shared with BleepingComputer, the ALPHV ransomware operation, more\r\ncommonly known as BlackCat, now claims to be behind the February 5th cyberattack on Reddit.\r\nIn a \"Reddit Files\" post on the gang's data leak site, the threat actors claim to have stolen 80 GB of compressed data from\r\nthe company during the attack and now plan on leaking the data.\r\nThe threat actors say they attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the\r\ndata to be deleted but did not receive a response.\r\n\"I told them in my first email that I would wait for their IPO to come along. But this seems like the perfect opportunity! We\r\nare very confident that Reddit will not pay any money for their data,\" threatened the ransomware operation.\r\n\"But I am very happy to know that the public will be able to read about all the statistics they track about their users and all\r\nthe interesting confidential data we took. Did you know they also silently censor users? Along with artifacts from their\r\nGitHub!\"\r\nhttps://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/\r\nPage 3 of 5\n\nAfter not receiving a response, the threat actors now threaten to leak Reddit’s data if the company doesn’t pay the ransom\r\nand backtrack on their plans on charging for API access.\r\n\"The Reddit Files\" post on BlackCat data leak site\r\nSource: BleepingComputer\r\nWhile Reddit declined to comment about BlackCat's post, BleepingComputer has been able to confirm that this is the same\r\nattack disclosed by Reddit in February.\r\nIt should be noted that while BlackCat is a ransomware gang, they did not encrypt devices in this attack.\r\nThe same hacking group is believed to be linked to a similar attack on Western Digital in March 2023, causing a massive\r\noutage to the company's My Cloud cloud service.\r\nWhile the threat actors behind the Western Digital attack initially claimed not to have a name, screenshots of the stolen data\r\nwere leaked on the ALPHV data leak site, with the threat actors taunting the company about the attack.\r\nWestern Digital sent data breach notifications in May, warning online store customers that their data was stolen during the\r\nattack.\r\nhttps://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/\r\nhttps://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/"
	],
	"report_names": [
		"reddit-hackers-threaten-to-leak-data-stolen-in-february-breach"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434733,
	"ts_updated_at": 1775791779,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4599c81f27e04f2ffef748c2cd6c2b8a60f2f906.pdf",
		"text": "https://archive.orkl.eu/4599c81f27e04f2ffef748c2cd6c2b8a60f2f906.txt",
		"img": "https://archive.orkl.eu/4599c81f27e04f2ffef748c2cd6c2b8a60f2f906.jpg"
	}
}