Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

Reddit locks out users with poor password hygiene after spotting 'unusual activity'

Forum admin blames recycled credentials for 'security concern'

Gareth Corfield Thu 10 Jan 2019  //  19:13 UTC

Some Redditors have been locked out of their accounts over a mysterious security problem that the internet forum's admins have blamed on people reusing old passwords.

Precisely what has happened, or whether Reddit itself has suffered a hack or data breach, is not yet known, only that the website described it as a "security concern".

However, a thread posted by Reddit admin Sporkicide squarely blamed the all-encompassing forum's users for bad password hygiene.

The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services. If another site is compromised and those lists of usernames and passwords become available, it's very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk.

Credential-stuffing attacks are where compromised usernames and passwords harvested by hackers from one site are tried on other sites to see whether they work. One easy way of avoiding this is to not reuse login credentials across different websites.

While Zuck squirmed, Reddit revealed it found and killed 944 Russian troll factory accounts

READ MORE

"Over the next few hours, affected accounts will be allowed to reset their passwords to be unlocked and restored. This will take the form of either a notification to the account (yes, you'll be able to log in to get it) and/or an email to any support ticket you've already sent in," continued Sporkicide's post.

Another possible reason for an enforced password reset could be a compromise of users' login credentials from the site operator. There is no evidence in the public domain either way, however.

Reddit is owned by American magazine publishing house Condé Nast. In August last year the site suffered a confirmed data breach after hackers worked around staffers' SMS two-factor authentication protections. ®
Send us news
13 Comments

Microsoft really does not want Windows 11 running on ancient PCs

Even tighter requirements mean it's time to put old hardware out to pasture... or find an alternative OS

SAP cloud swells its topline, but profits slide

Cloud migration good for margins, CEO says

Mandiant: Orgs are detecting cybercriminals faster than ever

The 'big victory for the good guys' shouldn't be celebrated too much, though

UnitedHealth admits breach could 'cover substantial proportion of people in America'

That said, good old US healthcare system so elaborately costly some are forced to avoid altogether

Voyager 1 regains sanity after engineers patch around problematic memory

All from billions of miles away

Leicester streetlights take ransomware attack personally, shine on 24/7

City council says it lost control after shutting down systems

Silicon Valley roundabout has drivers in a spin

Accidents at intersection quadruple

Don't rent out that container ship yet: CIOs and biz buyers view AI PCs with some caution

Risky bet? Premium price with 'no demonstrable benefits'? It doesn't sound like an order avalanche

Over a million Neighbourhood Watch members exposed through web app bug

Unverified users could scoop up data on high-value individuals without any form of verification process

Meta comms chief handed six year Russian prison sentence for 'justifying terrorism'

Memo to Andy Stone: Don't go to Russia for your holidays

European Commission to suspend TikTok's new rewards program, open second probe

For some reason the world's most notorious app decided not to tick all boxes under the world’s toughest digital law

Misconfigured cloud server leaked clues of North Korean animation scam

Outsourcers outsourced work for the BBC, Amazon, and HBO Max to the hermit kingdom