Reddit resets 100,000 passwords in wake of LinkedIn hack

Microsoft bans simple passwords as LinkedIn looks out for suspicious account activity

Reddit has reset 100,000 passwords after hackers stole people's credentials from other sites to take over their accounts.

The social network alerted its user base yesterday to the fact it had sent out the reset notices over the past fortnight, following hacks on sites such as LinkedIn, which spilled 117 million people's account details back in 2012, which a hacker decided to sell for 1,500 this month.

"With this access to likely username and password combinations, we've noticed a general uptick in account takeovers (ATOs) by malicious (or at best spammy) third parties," a post by Reddit read.

Explaining that Reddit has not been hacked, the firm said the rise in account takeovers was down to people re-using the same passwords on multiple sites, meaning hackers with their LinkedIn credentials could use the same details to log into their Reddit accounts.

"We've ramped up our ability to detect the takeovers, and sent out 100k password resets in the last 2 weeks," Reddit added. "More are to come as we continue to verify and validate that no one except for you is using your account."

It advised people to use "strong, unique" passwords, setting and verifying email addresses for their account, and checking their account activity for unusual goings-on.

LinkedIn suffered the data breach in 2012, but only realised earlier this month that hackers were selling the data online it said people's accounts still at risk were those who had not changed the password in the aftermath of the cyber attack.

In an email to its 400 million members sent this week, LinkedIn explained other measures it has taken to mitigate the breach.

It said: "We invalidated passwords of all LinkedIn accounts created prior to the 2012 breach that had not reset their passwords since that breach.

"In addition, we are using automated tools to attempt to identify and block any suspicious activity that might occur on LinkedIn accounts. We are also actively engaging with law enforcement authorities."

The consequences of the LinkedIn hack led Microsoft to pledge to ban simple, overused passwords in order to improve security.

In a blog post, Microsoft's identity division director, Alex Simons explained his team analysed common passwords so Microsoft users are blocked from picking them.

Various missions are underway to improve security, such as Google and Yahoo both trying to replace passwords with other methods for people to identify themselves.

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

What is e-safety?
e safety

What is e-safety?

27 Jan 2021
Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
Mimecast links breach to SolarWinds hackers
Security

Mimecast links breach to SolarWinds hackers

27 Jan 2021
TikTok vulnerability exposed private user data
data protection

TikTok vulnerability exposed private user data

26 Jan 2021

Most Popular

WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021