• const_void@lemmy.ml
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 years ago

    Probably should’ve invested in better security instead of trying to chase tech trends like NFTs.

  • FarceMultiplier@lemmy.ca
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 years ago

    No website is invulnerable. Since we know from Reddit’s godawful official app they don’t do development very well, no doubt the website also has vulnerable holes.

    • femboy_link.mp4@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 years ago

      They didn’t access the data through a vulnerability in the code, they phished some employee credentials and access it that way.

  • femboy_link.mp4@beehaw.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    2 years ago

    If you think this will change anything at Reddit, think again.

    Reddit will not pay them or meet their demands. If they do reverse any of their API changes, it won’t be because of this. Businesses can’t been seen to be caving to ransomware groups and rightly so, as it just encourages more of these types of attacks. ALPHV is 100% trying to cash in on the current resentment towards Reddit and it shows.

    We also don’t know what exactly has been accessed, as neither the group nor Reddit will confirm beyond Reddit stating that no production systems or user data was accessed. It could be 80GB of cat GIFs for all we know - I’m going to need more evidence that they have something big than a screenshot of the attacker saying “trust me bro”.

    • Phoeniqz@lemmy.dbzer0.comOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 years ago

      Yeah, since the attack already happened in February, they just used this opportunity to make them look good (“they are doing something for the community”). However, I don’t know, but it might affect stock when Reddit goes public.

  • njinx@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 years ago

    Sucks that they lumped API changes into their demands. This is going to make good-faith protestors look bad.

      • naeap
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 years ago

        as it happened in February, I’m not so sure…

  • gentleman@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    2 years ago

    @Phoeniqz If Reddit is only announcing the hack now then that is very likely going to be a legal problem in a number of US jurisdictions, not to mention EU and others.

    • Phoeniqz@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      The article says, the data supposedly contains information about Reddit’s tracking system. I don’t think we want that in the FediVerse

  • atypicaloddity@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    It happened a while back and is just popping up again now because they’re capitalizing on the Reddit drama. So I don’t really have an opinion on them – hacking bad, etc but I don’t really care.

  • tojikomori@kbin.social
    link
    fedilink
    arrow-up
    0
    ·
    2 years ago

    I’ve seen a few sites welcome the news with glee, as though Reddit’s leadership is going to be strongly affected. That’s childish and myopic. This is bad news for everyone.

    Whether or not Reddit pays, we should assume the data will make its way into the hands of people who (further) weaponize it against Reddit’s users, e.g. people who’ve posted risque photos of themselves or shared compromising details through throwaway accounts can be doxxed or matched to their normal accounts via their IP or other common details. PMs and other private account details might contain mailing addresses and other private or compromising information, too. (Edit: as Phoeniqz points out in replies, the article author assumes this is not the case based on Reddit’s and BlackCat’s statements about the leak.)

    If Reddit knew about the breach earlier and didn’t do their due diligence to alert users, then that’s further condemnation of their leadership and priorities, but it doesn’t undo the damage this might cause users.

    If Reddit were to pay BlackCat, then it would further enrich, reward, and encourage them. If, as is more likely, it doesn’t, then the blowback it receives (especially from any high profile consequences of the leak) might encourage other companies to pay up in future.

    • Phoeniqz@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      2 years ago

      From the article:

      We can be pretty sure of what to doesn’t include, and that’s user data such as account details, passwords or payment information. That’s because, from the very start, Reddit made it quite clear that the ‘live’ production systems holding such data were not breached.

      • SickIcarus@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        2 years ago

        That’s because, from the very start, Reddit made it quite clear that the ‘live’ production systems holding such data were not breached.

        Because Reddit is known for being forthright and honest…