
The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.
On February 9th, Reddit disclosed that its systems were hacked* on February 5th after an employee fell victim to a phishing attack. This phishing attack allowed the threat actors to gain access to Reddit’s systems and steal internal documents, source code, employee data, and limited data about the company’s advertisers.
“After successfully obtaining a single employee’s credentials, the attacker gained access to some internal docs, code, as well as some internal dashboards and business systems,” explained a post by Reddit CTO Christopher Slowe, aka KeyserSosa. “We show no indications of breach of our primary production systems (the parts of our stack that run Reddit and store the majority of our data).”
The threat actors say they attempted to contact Reddit twice, on April 13th and June 16th, demanding $4.5 million for the data to be deleted but did not receive a response.
Thomas Uhlemann, Security Specialist at ESET, commented that “again, one single phishing mail opened the doors to a rather big corporate network.” A single employee’s account data stolen and the attackers go all the way to the crown jewels – internal documents, software code, employee data and more. What seems like it should be impossible in 2023 sadly remains the ugly truth. We cannot stress enough the necessity to incorporate contemporary security methods and means, such as zero trust, distribution of access as well as multi-factor authentication in place at all times.
At the same time, regular employee trainings with regard to phishing attacks and proper reaction to threats to the company are a must as well, since technology alone can easily be overcome by one single human-made mistake. There’s been no data encrypted in this attack – it was stolen instead, only to be sold now. Instead of physical damage, Reddit now faces potential reputational damage, which in the longer run might be more damaging than having to restore a couple of systems.
*ESET does not bear any responsibility for the accuracy of this information.
