A ransomware group that hacked into Reddit’s servers back in February is threatening to release stolen data if Reddit does not walk back its planned API changes, reports Bleeping Computer (via The Verge).
At the time of the hack, no one took credit, but ransomware group BlackCat yesterday said that it was responsible. 80GB of compressed data was stolen through a phishing attack, and BlackCat says that the data will be made public unless Reddit pays $4.5 million and withdraws the API pricing changes that will go into effect on July 1.
The group claims to have “interesting confidential data” that includes information on how Reddit tracks users and censors people. BlackCat does not anticipate Reddit cooperating, and says that it expects to leak the data.
At the time of the hack, Reddit said that no user passwords, accounts, or credit card details were impacted, but internal documentation, code, and internal dashboards and business systems were obtained.
BlackCat’s demand for an API rollback comes as Reddit prepares to begin charging developers for access to its API. Reddit’s fees are putting popular third-party Reddit clients like Apollo out of business, and the API changes have resulted in protests in the form of subreddit blackouts.
Reddit CEO Steve Huffman has said that Reddit has no plan to change its new API business model in light of the negative feedback, and it is unlikely that the company will change its API pricing due to the data leak threat.