Reddit Locks Down Accounts Due to ‘Security Concern’

Reddit this week decided to lock down some user accounts after detecting unusual activity on those accounts. 

“A large group of accounts were locked down due to a security concern. By ‘security concern’, we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access,” one of the social network’s admins noted in a post on Wednesday.

The issue, Reddit claims, stems from the use of simple passwords to secure user accounts on the website, and from the reuse of those passwords on other websites or services. Thus, if one website is compromised, all accounts using the same username/password combination are impacted.

However, users commenting on the post claim they were locked out of their accounts despite using strong passwords and not using the same email address for other online accounts. Thus, some suggest that a breach on Reddit’s part could be the root cause of the unusual activity.

Most users say their accounts were locked down although the activity page shows they were the only ones accessing them. Others, however, confirmed that their accounts were accessed by third parties, some from multiple locations around the world. 

The owners of locked accounts are provided the option to reset their passwords to regain access and restore their accounts. The reset prompt is served as a notification to the account and/or an email to a support ticket.

“It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time. If you haven’t seen any update by tomorrow, contact us at that time via the Help Center,” the admin says.

As usual, users are advised to use strong passwords on their accounts, and to make sure they are unique to the reddit website. Ensuring their email is up to date and enabling two-factor authentication should help users further secure their accounts.

“We’re sorry for the unpleasant surprise and are working to get you all back to redditing as usual. I’ll be monitoring this thread for a while to answer questions where I can, but please keep in mind we can’t answer most account-specific inquiries in public,” the reddit admin concluded. 

In an incident disclosed in August 2018, a hacker was able to circumvent two-factor authentication protections used by Reddit and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.

Related: The Real Takeaways From the Reddit Hack

Related: Attackers Circumvent Two Factor Authentication Protections to Hack Reddit

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
