Reddit Locks Down Accounts Due to ‘Security Concern’

Reddit this week decided to lock down some user accounts after detecting unusual activity on those accounts. 

“A large group of accounts were locked down due to a security concern. By ‘security concern’, we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access,” one of the social network’s admins noted in a post on Wednesday.

The issue, reddit claims, stems from the use of simple passwords to secure user accounts on the website, and from the reuse of those passwords on other websites or services. Thus, if one website is compromised, all accounts using the same username/password combination are impacted.

However, users commenting on the post claim they were locked out of their accounts despite using strong passwords and not using the same email address for other online accounts. Thus, some suggest that a breach on reddit’s part could be the root cause of the unusual activity.

Most users say their accounts were locked down although the activity page shows they were the only ones accessing them. Others, however, confirmed that their accounts were accessed by third parties, some from multiple locations around the world. 

The owners of locked accounts are given the option to reset their passwords to regain access and restore their accounts. The reset prompt is served as a notification to the account and/or as an email to a support ticket.

“It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time. If you haven’t seen any update by tomorrow, contact us at that time via the Help Center,” the admin says.

As usual, users are advised to use strong passwords on their accounts, and to make sure they are unique to the reddit website. Ensuring their email is up to date and enabling two-factor authentication should help users further secure their accounts.

“We’re sorry for the unpleasant surprise and are working to get you all back to redditing as usual. I’ll be monitoring this thread for a while to answer questions where I can, but please keep in mind we can’t answer most account-specific inquiries in public,” the reddit admin concluded. 

In an incident disclosed in August 2018, a hacker was able to circumvent two-factor authentication protections used by Reddit and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
