- A large group of Reddit users’ accounts have been locked out due to unusual activity that may indicate unauthorized access.
- The reason for this is bad password practices such as using very simple passwords and reuse of passwords across multiple websites/services.
Reddit account users were locked out of the account due to unusual activity that may indicate unauthorized access. Reddit security team notified their users via a message urging them to reset their passwords with a long, complex password or a strong passphrase.
“We’re requesting some of our users to reset their accounts in light of recent news of Internet security breaches. As a precautionary measure, please reset your password here to continue using your account: https://www.reddit.com/prefs/upate. You will need to use the desktop site to do so if you are on mobile,” the message read, BleepingComputer reported.
“We recommend that you use long, complex passwords (at least 12 characters - a short sentence works beautifully) and do not reuse your password on any other site. We apologize for any inconvenience,” the message read.
Reason behind the unusual activity
Reddit admin Sporkicide explained that the reason for the incident is bad password practices such as using very simple passwords and reuse of passwords across multiple websites/services.
“If another site is compromised and those lists of usernames and passwords become available, it’s very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk,” Sporkicide said in a post.
Few Reddit users admitted having a simple password, while others claimed to have a strong and unique password. However, multiple users reported that their accounts have been accessed from multiple countries such as Italy, Brazil, Bangladesh, Russia, Thailand.
Sporkicide explained Reddit users that affected accounts will be allowed to reset their passwords to be unlocked via notification or email support ticket submitted by users.
“It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time. If you haven’t seen any update by tomorrow, contact us at that time,” Sporkicide requested Reddit users.
Moreover, he recommended users to choose strong, unique passwords and enable automated password resets and Two-factor authentication in order to secure their accounts.