The criminal group behind the February Reddit hack is now demanding $4.5 million and the dropping of API changes, or the stolen data will be published.
@Phoeniqz If Reddit is only announcing the hack now then that is very likely going to be a legal problem in a number of US jurisdictions, not to mention EU and others.
@dismalnow having the code out there that Reddit uses to track accounts doesn't give me warm fuzzies. I'm not a technical guy but it seems that it would be better if that code had not been hacked and put in the hands of people with malicious intent. I have to defer to others on whether the hack compromises Reddit users' security.
it would be better if that code had not been hacked and put in the hands of people with malicious intent.
And if a frog had wings...
Now that it's out, it's best for affected parties to try to determine if immediate action is required to reduce damage to themselves via reddit's mistake - and all we have is a preliminary, and likely heavily redacted report from the company foolish enough to have allowed itself to get hacked.
So far the information points to non-production data. But the truth is that nobody knows the full scope of egressed data until BlackCat proves it, or reddit runs the fastest penetration forensics team EVER.
Therefore, it's unlikely to be user information of substance unless you e been uploading photos of your taint, connected your work email address, and have pm'd your credit card number to people.
@dismalnow Maybe I should try that before I delete my Reddit account...at least the taint part. A parting gift to F u/spez. I think you proved my point. There a lot of people that read the revised terms of use and privacy policy when those came out and have an appreciation of the ramifications, but I suspect that a sizable percentage of Redditors do not. So as we are both no doubt are aware there are data-brokers that will piece together information in what we used to call a "mosaic approach" to create a profile - which is in part the cause for my concern.