• narc0tic_bird@beehaw.org
    link
    fedilink
    arrow-up
    33
    ·
    1 year ago

    So they “broke into Reddit” back in February and contacted Reddit in April. After Reddit didn’t react they contacted them again a few days ago at this very opportunistic time.

    They never specified exactly what kind of data they stole, nor did they prove it by providing samples.

    For all we know this story could be entirely made up and they actually have nothing.

    But even if they have something, them trying to come across as the good guys in this is so weird to me. No, you’re not the good guys. You are criminals.

  • Th4tGuyII@kbin.social
    link
    fedilink
    arrow-up
    15
    ·
    1 year ago

    I want the API changes reverted as much as any other Reddit refugees here, but I can’t stand behind this kind of malfeasant extortion.

    Not only is it blatantly obvious they’re using the API change rhetoric as a means of irritating Reddit into giving them their hush money, it also avts towards delegitimising all protest efforts made by the Subreddits thus far

      • BlueBockser@programming.dev
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        But as the text says, this extortion began 5 days before the API changes were even announced. These criminals don’t give a f*ck about the API and threaten to leak the data of those same users they’re claiming to protect.

        I think we should just ignore this, because it’s a distraction for public pressure and will only make Reddit look better - either by delegitimising the protest or by making them look like a victim instead of the perpetrator they are.

      • Th4tGuyII@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Karma IS a bitch, but I for one am still not going to stand behind illegalities like this. It’s not the way.

        As I said before, these hackers don’t care. The grandstanding is their way of getting attention off the backs of the protests. All supporting these criminals does is delegitimise the real protest by making Reddit look like the victim.

        That aside, even from a practical standpoint this wouldn’t work longterm. If extorted into backpeddalling, Reddit will just quietly up their data security, and once they’ve made sure the threat of a leak is dealt with, they’ll go right on back to the API change.

    • ipkpjersi@lemmy.one
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      1 year ago

      While I agree with you, it’s also hard for me to feel bad for Reddit in this scenario.

      I think it’s not relevant to our cause either way and it’s something that will be forgotten about eventually even if whatever data gets leaked publicly.

      We just gotta focus on making Lemmy better and more desirable.

    • heartlessevil@lemmy.one
      link
      fedilink
      arrow-up
      19
      ·
      1 year ago

      For context, based on historical pushshift data:

      • 80gb zipped decompresses to ~1100GB of text data
      • 80gb zipped would only be the most recent ~4 months of comments

      They do indicate that the data they have is more valuable though, particularly pointing out how users are being tracked (GDPR alarm bells ringing) or censored.

  • nighty@lemmy.ml
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    Any proof they have what they say they have? If they can’t, at the very least, make that bit public, then imma have to call it a bluff.

      • HopeOfTheGunblade@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Yup. They absolutely shouldn’t pay, for decision theoretic reasons, but that doesn’t mean there won’t be interesting fireworks to watch.

        • PelicanPersuader@beehaw.org
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          I’ll be real curious if they have browsing data or subs tied to email addresses. How many .gov emails are subbed to nothing but fetish and porn subreddits?

        • zalack@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Not that this isn’t scummy but my understanding is that “ransomware” refers to software that locks a user or organization out of their systems until a fee is paid, generally my encrypting the disk.

          This seems like a more traditional “hack” of a system where you get in and download data. Which makes threatening them is traditional blackmail.

          • red@feddit.deOP
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            The point is that Alphv is an operator of ransomware as a service (RaaS), specifically BlackCat, independent of whether they used ransomware in this specific attack (which it indeed doesn’t sound like).

  • Kowowow@lemmy.ca
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Ooh ThE rEdDiT fIlEs I can only hope it’s more interesting than the twitter files

  • totorohno@lemmy.one
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Fuck spez, but this is not the way. Why even ask for money if they don’t expect Reddit to pay? That cheapens their cause.

  • borlax@lemmy.borlax.com
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Is it safe to assume that nothing comes of this… Just like every other “hacker group” pretending they hacked some major entitity for a good cause?

  • Hyperi0n@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    I wonder if u/spez ordered this hack so he can back off and save face. Of course I don’t know the context but that’s the first thing that comes to mind.

    • Hyperi0n@lemm.ee
      link
      fedilink
      arrow-up
      11
      ·
      1 year ago

      Nah, reading this no this hack is personal. They hacked this site months ago and now they’re coming in here looking the heroes of the story? No, they were ignored. The hackers got pissed and now they’re using this as an opportunity to get back at reddit. So what, they got maybe a terabyte of decompressed data at most, and they want 4 million dollars? This feels like some script kiddies utilizing a bad situation after getting ignored, not a professional op.