Reddit this week decided to lock down some user accounts after detecting unusual activity on those accounts.
“A large group of accounts were locked down due to a security concern. By ‘security concern’, we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access,” one of the social network’s admins noted in a post on Wednesday.
The issue, reddit claims, steams from the use of simple passwords to secure user accounts on the website, and from the reuse of those passwords on other websites or services as well. Thus, if one website is compromised, all accounts using the same username/password combination are impacted.
However, users commenting to the post claim they were locked out of their accounts despite using strong passwords and not using the same email address for other online accounts as well. Thus, some suggest that a breach on reddit’s part could be the root cause of the unusual activity.
Most users say their accounts were locked down although the activity page shows they were the only ones accessing them. Others, however, confirmed that their accounts were accessed by third parties, some from multiple locations around the world.
The owners of locked accounts are provided the option to reset their passwords to regain access and restore their accounts. The reset prompt is served either as a notification to the account and/or an email to a support ticket.
“It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time. If you haven’t seen any update by tomorrow, contact us at that time via the Help Center,” the admin says.
As usual, users are advised to use strong passwords on their accounts, and to make sure they are unique to the reddit website. Ensuring their email is up to date and enabling two-factor authentication should help users further secure their accounts.
“We’re sorry for the unpleasant surprise and are working to get you all back to redditing as usual. I’ll be monitoring this thread for a while to answer questions where I can, but please keep in mind we can’t answer most account-specific inquiries in public,” the reddit admin concluded.
In an incident disclosed in August 2018, a hacker was able to circumvent two-factor authentication protections used by Reddit and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.
Related: The Real Takeaways From the Reddit Hack
Related: Attackers Circumvent Two Factor Authentication Protections to Hack Reddit
More from Ionut Arghire
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- US, Israel Provide Guidance on Securing Remote Access Software
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
