Reddit locks out users with poor password hygiene after spotting 'unusual activity'

Forum admin blames recycled credentials for 'security concern'

Some Redditors have been locked out of their accounts over a mysterious security problem that the internet forum's admins have blamed on people reusing old passwords.

Precisely what has happened, or whether Reddit itself has suffered a hack or data breach, is not yet known, only that the website described it as a "security concern".

However, a thread posted by Reddit admin Sporkicide squarely blamed the all-encompassing forum's users for bad password hygiene.

The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services. If another site is compromised and those lists of usernames and passwords become available, it's very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk.

Credential-stuffing attacks are where compromised usernames and passwords harvested by hackers from one site are tried on other sites to see whether they work. One easy way of avoiding this is to not reuse login credentials across different websites.

Thumbs down frownining emoticon

While Zuck squirmed, Reddit revealed it found and killed 944 Russian troll factory accounts

READ MORE

"Over the next few hours, affected accounts will be allowed to reset their passwords to be unlocked and restored. This will take the form of either a notification to the account (yes, you'll be able to log in to get it) and/or an email to any support ticket you've already sent in," continued Sporkicide's post.

Another possible reason for an enforced password reset could be a compromise of users' login credentials from the site operator. There is no evidence in the public domain either way, however.

Reddit is owned by American magazine publishing house Condé Nast. In August last year the site suffered a confirmed data breach after hackers worked around staffers' SMS two-factor authentication protections. ®




Biting the hand that feeds IT © 1998–2019