Probably should’ve invested in better security instead of trying to chase tech trends like NFTs.
Sucks that they lumped API changes into their demands. This is going to make good-faith protestors look bad.
Crackpot idea: it’s a false flag operation by reddit admins trying to sour protest support
If you think this will change anything at Reddit, think again.
Reddit will not pay them or meet their demands. If they do reverse any of their API changes, it won’t be because of this. Businesses can’t been seen to be caving to ransomware groups and rightly so, as it just encourages more of these types of attacks. ALPHV is 100% trying to cash in on the current resentment towards Reddit and it shows.
We also don’t know what exactly has been accessed, as neither the group nor Reddit will confirm beyond Reddit stating that no production systems or user data was accessed. It could be 80GB of cat GIFs for all we know - I’m going to need more evidence that they have something big than a screenshot of the attacker saying “trust me bro”.
No website is invulnerable. Since we know from Reddit’s godawful official app they don’t do development very well, no doubt the website also has vulnerable holes.
They didn’t access the data through a vulnerability in the code, they phished some employee credentials and access it that way.
That in itself is a vulnerability. In my company we check for impossible travel, browser variance, etc. Credentials are only one aspect of this.
Hopefully they publish the data so we can add to the fediverse
