Probably should’ve invested in better security instead of trying to chase tech trends like NFTs.
You mean the 100th award I could buy was starting to be overkill? /s
Thanks for the gold kind stranger! 🤮
Thanks for the puke kind strager
Thanks for the thanks thanks thanks.
May I gift you a Guilded Reddit Gold NFT Snoo Platinum Anniversary edition for only 50 USD?
@Phoeniqz If Reddit is only announcing the hack now then that is very likely going to be a legal problem in a number of US jurisdictions, not to mention EU and others.
I’m not so sure tho, as no user data was affected.
My read was that BlackCat only got non-prod data. So perhaps it’s sourcecode.
In which case… they’ve likely got nothing of value other than the code used to track users.
@dismalnow having the code out there that Reddit uses to track accounts doesn’t give me warm fuzzies. I’m not a technical guy but it seems that it would be better if that code had not been hacked and put in the hands of people with malicious intent. I have to defer to others on whether the hack compromises Reddit users’ security.
it would be better if that code had not been hacked and put in the hands of people with malicious intent.
And if a frog had wings…
Now that it’s out, it’s best for affected parties to try to determine if immediate action is required to reduce damage to themselves via reddit’s mistake - and all we have is a preliminary, and likely heavily redacted report from the company foolish enough to have allowed itself to get hacked.
So far the information points to non-production data. But the truth is that nobody knows the full scope of egressed data until BlackCat proves it, or reddit runs the fastest penetration forensics team EVER.
Therefore, it’s unlikely to be user information of substance unless you e been uploading photos of your taint, connected your work email address, and have pm’d your credit card number to people.
@dismalnow Maybe I should try that before I delete my Reddit account…at least the taint part. A parting gift to F u/spez. I think you proved my point. There a lot of people that read the revised terms of use and privacy policy when those came out and have an appreciation of the ramifications, but I suspect that a sizable percentage of Redditors do not. So as we are both no doubt are aware there are data-brokers that will piece together information in what we used to call a “mosaic approach” to create a profile - which is in part the cause for my concern.
No website is invulnerable. Since we know from Reddit’s godawful official app they don’t do development very well, no doubt the website also has vulnerable holes.
If you think this will change anything at Reddit, think again.
Reddit will not pay them or meet their demands. If they do reverse any of their API changes, it won’t be because of this. Businesses can’t been seen to be caving to ransomware groups and rightly so, as it just encourages more of these types of attacks. ALPHV is 100% trying to cash in on the current resentment towards Reddit and it shows.
We also don’t know what exactly has been accessed, as neither the group nor Reddit will confirm beyond Reddit stating that no production systems or user data was accessed. It could be 80GB of cat GIFs for all we know - I’m going to need more evidence that they have something big than a screenshot of the attacker saying “trust me bro”.
Great. Fuck em and if they leak it EU citizens can sue the shit out of them :)
No user data was accessed according to Reddit.
according to Reddit
A super trustworthy source as we all know.
Sucks that they lumped API changes into their demands. This is going to make good-faith protestors look bad.
Crackpot idea: it’s a false flag operation by reddit admins trying to sour protest support
Hopefully they publish the data so we can add to the fediverse
The article says, the data supposedly contains information about Reddit’s tracking system. I don’t think we want that in the FediVerse