View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 11, 2019updated 11 Jul 2022 5:13am

Reddit Locks Accounts, Issues Password Warning

Over 517 million passwords have been exposed in previous breaches

By CBR Staff Writer

Reddit, the popular social media platform with over 330 million unique monthly users, has been forced to block access for a “large group of accounts” in a security incident.

A Reddit blog by “Sporkicide cited “unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access.”

They added: “The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services.”

With 517 Million Passwords Leaked, Such Attacks are Common

“If another site is compromised and those lists of usernames and passwords become available, it’s very likely that they will be tried against other popular sites to see if they work”, they added – a so-called “credential stuffing” attack.

(There are over 517 million “real world” passwords in circulation that have been exposed in previous data breaches, according to haveibeenpwned.com).

Reddit Account Attack: Password Recycling Has to Stop

Raj Samani, Chief Scientist and McAfee Fellow said in an emailed comment: “Whilst I commend Reddit’s honesty and the precautions they are taking to lock accounts, I cannot stress enough that users themselves need to take steps to secure their personal security immediately. It is time for people to wake up to the real threat they face by having the same password linked across their online accounts.

“Recent McAfee research revealed a third of people rely on the same three passwords for every account they are signed up to. If you use the same password for Reddit and a number of other apps and accounts, you need to change it NOW. A cybercriminal only needs to get their hands on this once to gain access to your personal and even financial information. We know it’s hard to remember all your passwords but using a password generator and manager can help solve this problem and ensure you don’t become an easy target for these sophisticated cybercriminals.”

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

In response from one user asking how often Reddit users are prompted to review their security settings and how often are they encouraged to set up two-factor authentification (2FA) Reddit’s Sporkicide admitted: “Not often enough and we know it 🙂 Those are good ideas and we definitely would like to put more intuitive account security features in place soon.”

One approach is to use a password manager. Should you use one?

According to the UK’s National Cyber Security Centre (NCSC) the answer is an unequivocal “yes”.

See also: Reddit User Finds Mystery Hardware Attached to Router After Facebook-Based Scam

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU