UPDATED 11:45 EDT / JUNE 19 2023


BlackCat ransomware gang demands $4.5M, API changes for 80GB leaked Reddit data

Hackers from the BlackCat ransomware gang have contacted Reddit Inc., claiming responsibility for a February hack of the social media forum platform in which more than 800 gigabytes of internal documents, code, contracts and employee information were taken.

The hacker group, also known as ALPHV, also demanded $4.5 million to not release the stolen data.

In a post by Reddit Chief Technology Officer Christopher Slowe, aka KeyserSosa, Reddit revealed that the original breach occurred on Feb. 5, saying that the company “became aware of a sophisticated phishing campaign that targeted Reddit employees.” He said one employee fell victim to the attack, and although attackers got access to internal systems, the compromise did not affect primary production systems.

At the time, Reddit commented that there was no evidence that the attack affected any user information.

The group has resurfaced months later, now that Reddit is in the midst of protests over unpopular changes regarding pricing and access to its application programming interfaces. Specifically, the issue is over how much the company will now charge apps that use its API. That has prompted many subreddits, or forums, on the site to make themselves private, with some, such as r/music and r/videos, closing down indefinitely.

In a post on its website Saturday entitled “The Reddit Files,” BlackCat said it first attempted to contact Reddit on April 13, after the original hack, and again on June 13. The ransomware group stated that it is now demanding $4.5 million in exchange for deleting the data, and that Reddit walk back its new stance on the API pricing changes, or the group will leak the data.

“I told them in the first email that I would wait for their IPO to come along. But this seems like the perfect opportunity!” the hackers wrote in the post. “We are very confident that Reddit will not pay any money for their data.”

The same group is believed to be behind the attack on computer storage device maker Western Digital Corp. earlier this year, which ended in the theft of 10 terabytes of data from the company’s network. That attack also caused a massive service outage for customers of Western Digital’s consumer cloud services.

This isn’t the only hack that Reddit has suffered. In 2018 the website suffered a breach where a hacker gained access to backend systems by intercepting SMS text messages. The hacker stole a very early historical trove of backup data from Reddit’s launch in 2005 through 2007, including usernames, email addresses, posts, private messages and salted passwords.
