“Security concern” forces Reddit to lock users out of their accounts

Weak password security to blame after the microblogging platform detects a sharp rise in unauthorised account access

Reddit has locked a large number of users out of their accounts after being alerted to a potential security incident in the form of mass-scale unauthorised access.

The microblogging platform blamed a "security concern" for implementing the reset for some members yesterday, claiming it targeted users who were likely to have set weak passwords, or were reusing their details used across multiple sites.

However, it still remains unclear as to whether the move came in response to a reported breach of user accounts or whether it is just a precaution. The platform has rather vaguely cited weak account security among the main reasons behind the action.

"By "security concern," we mean unusual activity that did not correspond to the account's normal behavior that may indicate unauthorized access," Reddit administrator Sporkicide wrote in a post.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services.

"If another site is compromised and those lists of usernames and passwords become available, it's very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk."

Work is now underway to restore access, but the number of users affected is still unknown and it's not clear how long the recovery will take. 

IT Pro has asked Reddit how many users were affected by the forced password reset and whether this was in reaction to a breach or a preemptive measure, but it had not received a response at the time of publication. 

Meanwhile, a handful of members cast doubt on Reddit's claims that only users who deployed weak account security were asked to reset their passwords, suggesting they themselves used tools like algorithmic generators, yet were still locked out.

The platform has also recommended that users "please, please, please make sure you choose strong passwords that are unique to Reddit", and implement two-factor authentication (2FA) to guarantee an additional layer of protection.

Advertisement - Article continues below

Many users have also posted comments flagging unusual activity they had experienced in the last few days, primarily manifesting as unauthorised logins from various locations registered in their absence from the site.

"Again, 330 million users find themselves grappling with the fact that hackers might have had the potential to access a treasure trove of their data, putting their privacy at risk," said chief scientist and McAfee fellow Raj Samani.

"Whilst I commend Reddit's honesty and the precautions they are taking to lock accounts, I cannot stress enough that users themselves need to take steps to secure their personal security immediately.

"It is time for people to wake up to the real threat they face by having the same password linked across their online accounts. If you use the same password for Reddit and a number of other apps and accounts, you need to change it now. A cybercriminal only needs to get their hands on this once to gain access to your personal and even financial information."

Advertisement
Advertisement - Article continues below

The notion of a "security concern" raises alarms after Reddit suffered a major breach earlier this year. Attackers made away with a trove of users' personal details after intercepting password-based 2FA codes used among a number of its own employees.

The microblogging platform also sustained a similar incident in 2016, resetting 100,000 users' passwords in light of concerns that attackers were able to gain access to user accounts following a massive LinkedIn hack four years before.

Featured Resources

Transform the operator experience with enhanced automation & analytics

Bring networking into the digital era

Download now

Artificially intelligent data centres

How the C-Suite is embracing continuous change to drive value

Download now

Deliver secure automated multicloud for containers with Red Hat and Juniper

Learn how to get started with the multicloud enabler from Red Hat and Juniper

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/data-insights/big-data/354311/google-reveals-uks-most-searched-for-terms-in-2019
big data

Google reveals UK’s most searched for terms in 2019

11 Dec 2019