The criminal group behind the February Reddit hack is now demanding $4.5 million and the dropping of API changes, or the stolen data will be published.
Whether or not Reddit pays, we should assume the data will make its way into the hands of people who (further) weaponize it against Reddit’s users
It likely already has. No honor amongst thieves. That being said, I don’t think they accessed any user data in the breach.
If Reddit knew about the breach earlier and didn’t do their due diligence to alert users, then that’s further condemnation of their leadership and priorities, but it doesn’t undo the damage this might cause users.
This would also be illegal under California state law, but I don’t think they would’ve done something that stupid. There are also exceptions, i.e if there was an active police investigation into the breach and it was determined that making the announcement could impede that investigation. I know this all happened in February though, and again I don’t think they would’ve been that dumb, since even back then I’m sure the IPO was front and center at Reddit HQ.
Reddit confirmed the hack on Feb 9th 2023, and they were filing with the SEC all the way back in Dec 2021.
It likely already has. No honor amongst thieves. That being said, I don’t think they accessed any user data in the breach.
This would also be illegal under California state law, but I don’t think they would’ve done something that stupid. There are also exceptions, i.e if there was an active police investigation into the breach and it was determined that making the announcement could impede that investigation. I know this all happened in February though, and again I don’t think they would’ve been that dumb, since even back then I’m sure the IPO was front and center at Reddit HQ.
Reddit confirmed the hack on Feb 9th 2023, and they were filing with the SEC all the way back in Dec 2021.