130
submitted 1 year ago by red@feddit.de to c/technology@beehaw.org
[-] primbin@lemmy.one 6 points 1 year ago

Is there any way to validate these claims?

[-] cowvin@kbin.social 12 points 1 year ago

Usually what happens is that these sorts of blackmailers will leak small, verifiable pieces of data so people know they really got something. We don't see that here, so for now there's no reason to take them seriously yet.

[-] bstix@feddit.dk 2 points 1 year ago

It would still be really easy for Reddit to say "nah homie, that's not our data" even if it is and even if Reddit knows that it is.

How are the hackers able to verify that the data did come from Reddit?

[-] red@feddit.de 6 points 1 year ago

No. If Reddit would negotiate with them, they'd probably leak small subsets as proof that they have actual data that isn't available publicly. But with no negotiations, there's not really any need for that.

[-] vandrw@mander.xyz 5 points 1 year ago

No, haha. They also didn't bother to check what was stolen, so they could have very well gotten 80G of memes.

[-] AtomicPurple@kbin.social 12 points 1 year ago

I took that to mean no one at Reddit bothered to check what was stolen.

[-] blahaj@beehaw.org 6 points 1 year ago

Likewise, I interpreted it as "There was no attempt (from reddit) to find out what we took."

[-] I_Miss_Daniel@kbin.social 1 points 1 year ago

How do people even know what's been stolen? I know if someone logged into my server and copied stuff, the only way I'd know would be higher data usage.

[-] AtomicPurple@kbin.social 6 points 1 year ago

Either server logs, or the hackers sending them part of the data they have to prove they're legit. I assume the latter would have happened if Reddit had shown any interest in negotiating.

[-] waz@feddit.uk 7 points 1 year ago

I read that to mean Reddit didn’t try to identify the stolen data, rather than the exploitists. Is that right?

[-] stu@lemmy.pit.ninja 3 points 1 year ago

If Reddit were to reach out privately to this group, the first thing they'd probably do is ask for proof. It's trivially easy to provide proof you've carried out a hack; you just present some specific information that was not public and describe what all else you have in specific enough terms they know you're not bluffing. (Or, I suppose you could just send them your whole dump if you really want to make it clear what all you have). The only way the rest of us will be able to validate these claims is if they leak and it either matches users' own private account info or Reddit issues a disclosure about the hack (which I'm pretty sure they're supposed to do regardless).

this post was submitted on 18 Jun 2023
130 points (100.0% liked)
