“Security concern” forces Reddit to lock users out of their accounts

Weak password security to blame after the microblogging platform detects a sharp rise in unauthorised account access

Reddit has locked a large number of users out of their accounts after being alerted to a potential security incident in the form of mass-scale unauthorised access.

The microblogging platform blamed a "security concern" for implementing the reset for some members yesterday, claiming it targeted users who were likely to have set weak passwords, or were reusing their details used across multiple sites.

Advertisement - Article continues below

However, it still remains unclear as to whether the move came in response to a reported breach of user accounts or whether it is just a precaution. The platform has rather vaguely cited weak account security among the main reasons behind the action.

"By "security concern," we mean unusual activity that did not correspond to the account's normal behavior that may indicate unauthorized access," Reddit administrator Sporkicide wrote in a post.

"The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services.

"If another site is compromised and those lists of usernames and passwords become available, it's very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk."

Work is now underway to restore access, but the number of users affected is still unknown and it's not clear how long the recovery will take. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

IT Pro has asked Reddit how many users were affected by the forced password reset and whether this was in reaction to a breach or a preemptive measure, but it had not received a response at the time of publication. 

Meanwhile, a handful of members cast doubt on Reddit's claims that only users who deployed weak account security were asked to reset their passwords, suggesting they themselves used tools like algorithmic generators, yet were still locked out.

The platform has also recommended that users "please, please, please make sure you choose strong passwords that are unique to Reddit", and implement two-factor authentication (2FA) to guarantee an additional layer of protection.

Many users have also posted comments flagging unusual activity they had experienced in the last few days, primarily manifesting as unauthorised logins from various locations registered in their absence from the site.

"Again, 330 million users find themselves grappling with the fact that hackers might have had the potential to access a treasure trove of their data, putting their privacy at risk," said chief scientist and McAfee fellow Raj Samani.

Advertisement - Article continues below

"Whilst I commend Reddit's honesty and the precautions they are taking to lock accounts, I cannot stress enough that users themselves need to take steps to secure their personal security immediately.

"It is time for people to wake up to the real threat they face by having the same password linked across their online accounts. If you use the same password for Reddit and a number of other apps and accounts, you need to change it now. A cybercriminal only needs to get their hands on this once to gain access to your personal and even financial information."

The notion of a "security concern" raises alarms after Reddit suffered a major breach earlier this year. Attackers made away with a trove of users' personal details after intercepting password-based 2FA codes used among a number of its own employees.

The microblogging platform also sustained a similar incident in 2016, resetting 100,000 users' passwords in light of concerns that attackers were able to gain access to user accounts following a massive LinkedIn hack four years before.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/business-strategy/careers-training/356422/ibm-job-ad-calls-for-12-year-experience-with-6-year-old
Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/security/cyber-attacks/356417/trump-confirms-cyber-attacks-on-russia-election-trolls
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020