SecurityWeek

Reddit Locks Down Accounts Due to ‘Security Concern’

Reddit this week decided to lock down some user accounts after detecting unusual activity on those accounts. 

“A large group of accounts were locked down due to a security concern. By ‘security concern’, we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access,” one of the social network’s admins noted in a post on Wednesday.

The issue, reddit claims, stems from the use of simple passwords to secure user accounts on the website, and from the reuse of those passwords on other websites or services. Thus, if one website is compromised, all accounts using the same username/password combination are impacted.

However, users commenting on the post claim they were locked out of their accounts despite using strong passwords and not using the same email address for other online accounts. Thus, some suggest that a breach on reddit’s part could be the root cause of the unusual activity.

Most users say their accounts were locked down although the activity page shows they were the only ones accessing them. Others, however, confirmed that their accounts were accessed by third parties, some from multiple locations around the world. 

The owners of locked accounts are given the option to reset their passwords to regain access and restore their accounts. The reset prompt is served as a notification to the account and/or an email to a support ticket.

“It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time. If you haven’t seen any update by tomorrow, contact us at that time via the Help Center,” the admin says.

As usual, users are advised to use strong passwords on their accounts, and to make sure they are unique to the reddit website. Ensuring their email is up to date and enabling two-factor authentication should help users further secure their accounts.

“We’re sorry for the unpleasant surprise and are working to get you all back to redditing as usual. I’ll be monitoring this thread for a while to answer questions where I can, but please keep in mind we can’t answer most account-specific inquiries in public,” the reddit admin concluded. 

In an incident disclosed in August 2018, a hacker was able to circumvent two-factor authentication protections used by Reddit and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
