The criminal group behind the February Reddit hack is now demanding $4.5 million and the dropping of API changes, or the stolen data will be published.
@dismalnow having the code out there that Reddit uses to track accounts doesn’t give me warm fuzzies. I’m not a technical guy but it seems that it would be better if that code had not been hacked and put in the hands of people with malicious intent. I have to defer to others on whether the hack compromises Reddit users’ security.
it would be better if that code had not been hacked and put in the hands of people with malicious intent.
And if a frog had wings…
Now that it’s out, it’s best for affected parties to try to determine if immediate action is required to reduce damage to themselves via reddit’s mistake - and all we have is a preliminary, and likely heavily redacted report from the company foolish enough to have allowed itself to get hacked.
So far the information points to non-production data. But the truth is that nobody knows the full scope of egressed data until BlackCat proves it, or reddit runs the fastest penetration forensics team EVER.
Therefore, it’s unlikely to be user information of substance unless you e been uploading photos of your taint, connected your work email address, and have pm’d your credit card number to people.
@dismalnow Maybe I should try that before I delete my Reddit account…at least the taint part. A parting gift to F u/spez. I think you proved my point. There a lot of people that read the revised terms of use and privacy policy when those came out and have an appreciation of the ramifications, but I suspect that a sizable percentage of Redditors do not. So as we are both no doubt are aware there are data-brokers that will piece together information in what we used to call a “mosaic approach” to create a profile - which is in part the cause for my concern.
@Phoeniqz it depends on the jurisdiction, but my understanding is that a breach is a breach. If no user data was compromised, then that is good for users and Reddit is potentially facing less liability. I understand from the responses in this thread that Reddit did announce the breach.
I’m not so sure tho, as no user data was affected.
@Phoeniqz
@gentleman
My read was that BlackCat only got non-prod data. So perhaps it’s sourcecode.
In which case… they’ve likely got nothing of value other than the code used to track users.
@dismalnow having the code out there that Reddit uses to track accounts doesn’t give me warm fuzzies. I’m not a technical guy but it seems that it would be better if that code had not been hacked and put in the hands of people with malicious intent. I have to defer to others on whether the hack compromises Reddit users’ security.
@gentleman
And if a frog had wings…
Now that it’s out, it’s best for affected parties to try to determine if immediate action is required to reduce damage to themselves via reddit’s mistake - and all we have is a preliminary, and likely heavily redacted report from the company foolish enough to have allowed itself to get hacked.
So far the information points to non-production data. But the truth is that nobody knows the full scope of egressed data until BlackCat proves it, or reddit runs the fastest penetration forensics team EVER.
Therefore, it’s unlikely to be user information of substance unless you e been uploading photos of your taint, connected your work email address, and have pm’d your credit card number to people.
@dismalnow Maybe I should try that before I delete my Reddit account…at least the taint part. A parting gift to F u/spez. I think you proved my point. There a lot of people that read the revised terms of use and privacy policy when those came out and have an appreciation of the ramifications, but I suspect that a sizable percentage of Redditors do not. So as we are both no doubt are aware there are data-brokers that will piece together information in what we used to call a “mosaic approach” to create a profile - which is in part the cause for my concern.
@Phoeniqz
@Phoeniqz it depends on the jurisdiction, but my understanding is that a breach is a breach. If no user data was compromised, then that is good for users and Reddit is potentially facing less liability. I understand from the responses in this thread that Reddit did announce the breach.