Amid the row over its application programming interface (API) changes, American social news and content aggregation company Reddit is now facing another trouble as hackers have reportedly threatened to release 80GB of data stolen into the dark net from the venture’s platform.
The BlackCat ransomware gang aka ALPHV, is now demanding USD 4.5 million in exchange for deleting the stolen data, as per a TechCrunch report. The hackers made the data theft claims in a post on its dark web leak site.
A Reddit spokesperson confirmed the incident to the media, while stating that “BlackCat’s claims relate to a cyber-incident confirmed by Reddit on February 9”.
To commit the act, hackers had allegedly accessed Reddit employee information and internal documents through a “highly-targeted” phishing attack.
Reddit, however, didn’t share any further details about the attack or the perpetrators.
BlackCat’s name recently surfaced during a March 2023 theft attack on digital storage solutions company ‘Western Digital’, which saw these threat actors stealing 10TB of data from the venture’s online entities, including customer information.
The data theft crisis comes for Reddit at a time, when its new API prices saw communities/people forums called subreddits setting themselves on private mode from June 12th to June 14th.
The developer of the third-party app ‘Apollo for Reddit’ has announced an operational shutdown from June 30.
Reddit API policy changes will see its content being used to train artificial intelligence tools, and this content will be put under a paywall from now on.
Reddit’s API, available since 2008, used to be open for developers to do activities like building moderation tools for subreddits, creating Reddit browsing clients, and making the content site a user-friendly one.
While the Steve Huffman-led venture will keep the API free for those building moderation tools or creating educational and research environments on Reddit, the company’s new terms will be applied for developers using the APIs in ways that require “broader usage rights”. Also, the new policy won’t grant automatic licenses for anyone needing to modify user content.
Training AI language models will now require interested parties “to enter into a separate agreement with Reddit.”
The ‘Data API Terms’ have also empowered the company to enforce limits on how many API requests can be made. The charges required for making the API requests will also be high for clients (developers), since the latter generally use OAuth tokens for Reddit user authentications.
The API price changes will affect third-party apps like ‘Apollo’ or ‘Rif is fun’, which the community/subreddit members use to access Reddit, to get better user experiences.
These apps were built using Reddit’s APIs. If they need to show Reddit’s content now on their portals, they will have to pay for it. Apollo has said the API fees alone would amount to a staggering yearly amount of USD 20 million, something which is not feasible for them.
The subreddits’ protest has resulted in Reddit’s average daily traffic falling down in June 2023.
While over 57 million daily visits to the social discussion platform were recorded on June 11 (the day before the blackout started), the tally dropped below 55 million by the end of the first day of the protest.
At the end of June 13, less than 53 million daily visitors on the platform were recorded. The 52,121,649 visits Reddit received on June 13 reflected a 6.6% drop from the website’s average daily traffic from May 2023.
Till June 20, more than 3,200 subreddits have remained restricted/private, as per a report from the New York Times, which tracked the live data from the website called reddark.untone.uk.
While some subreddits were containing memes mocking Reddit’s chief executive, Steve Huffman, moderators of some of the communities reopened their spaces after getting warnings from the American social news and content aggregation company.