this post was submitted on 18 Jun 2023
199 points (100.0% liked)

Technology

37603 readers
628 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
Los@beehaw.org
coldredlight@beehaw.org
remington@beehaw.org
199
Alphv ransomware group claims to have hacked Reddit, threatens to leak data unless money paid and API changes reverted (feddit.de)
submitted 1 year ago by red@feddit.de to c/technology@beehaw.org
84 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] Rachel@derp.foo 13 points 1 year ago (3 children)

Is there any information on what kind of data they stole? It’s a public forum with a lot of public data, it makes no sense that they negotiate about data that is already public.

[–] tal@kbin.social 20 points 1 year ago* (last edited 1 year ago) (1 children)

Well, assuming that this is even directly related to the forum, as opposed to, say, email logs from the Reddit internal email server or something, things that might not be public:

  • Private messages between users.

  • Browsing data. I mean, maybe a user only posts on /r/politics, and that's public, but spends a lot of time browsing /r/femdom or whatever.

  • IP addresses of users. Might be able to associate multiple accounts held by a user.

  • Passwords. While hopefully stored in a salted and hashed format, so they can't be simply trivially obtained, they can still be attacked via dictionary attacks, which is why people are told not to use short and predictable passwords.

  • Email addresses (if a user registered one)

  • Reddit has some private chat feature that I've never used, which I imagine is logged.

[–] redcalcium@c.calciumlabs.com 7 points 1 year ago

Reddit used to be open source and the password was hashed using bcrypt.

[–] cowvin@kbin.social 11 points 1 year ago (1 children)

Well they mention Github artifacts in that message so it sounds like it's more like they may have obtained source code and that sort of non public stuff.

[–] mobyduck648@beehaw.org 7 points 1 year ago

Their code was open source until 2017 and it’s got progressively more dogshit for the end user since, I suspect if this is real it’s probably a bit juicier.

[–] Otome-chan@kbin.social 5 points 1 year ago

reddit has private messaging and a chat feature as well.