An undisclosed number of Reddit accounts have been locked after a site admin identified a security risk. Staff member “Sporkicide” observed unauthorized access, and as a result the affected users were locked out of their accounts.
The Reddit notification post disclosed only that a “large number of accounts were locked down due to a security concern.” It did not say how many. The staffer's post adds that the security concern refers to odd behaviour that differs from the accounts' normal activity.
Explaining the issue, the admin pointed to the common practice of keeping similar passwords for multiple accounts. If any one of those websites is hacked, its users' credentials become available to the attackers. Those credentials can then be tried on other popular platforms, including Reddit, and any other account for which the user has used a similar credential combination could be at risk.
With the start of 2019, credential stuffing attacks could become more popular, as they are easily carried out with the help of automated software. This software injects the compromised credentials into many popular websites to find as many matches as possible.
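A defender-side view of the pattern described above, as an added example that is not from Reddit or the original article; the log format, thresholds and sample events are assumptions constructed for illustration. It flags sources that try many distinct accounts with few successes, then lists the accounts where a login from such a source succeeded, which are the ones to lock and force a password reset on.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, success). Not real data.
SAMPLE_EVENTS = (
    # One source walking through 20 accounts, with 2 reused passwords that worked
    [("203.0.113.7", f"user{i:02d}", i in (4, 11)) for i in range(20)]
    # A normal user who mistyped once, then logged in
    + [("198.51.100.20", "alice", False), ("198.51.100.20", "alice", True)]
    + [("192.0.2.55", "bob", True)]
)


def find_stuffing_sources(events, min_accounts=10, max_success_ratio=0.2):
    """Return source IPs that tried many distinct accounts and mostly failed.

    Thresholds are illustrative assumptions; tune them against real traffic.
    """
    accounts = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for ip, user, ok in events:
        accounts[ip].add(user)
        attempts[ip] += 1
        successes[ip] += int(ok)
    return {
        ip
        for ip in accounts
        if len(accounts[ip]) >= min_accounts
        and successes[ip] / attempts[ip] <= max_success_ratio
    }


def accounts_to_lock(events, flagged_sources):
    """Accounts with a successful login from a flagged source (the reused password worked)."""
    return sorted({user for ip, user, ok in events if ok and ip in flagged_sources})


if __name__ == "__main__":
    sources = find_stuffing_sources(SAMPLE_EVENTS)
    print("suspicious sources:", sorted(sources))
    print("lock and force reset:", accounts_to_lock(SAMPLE_EVENTS, sources))
```

Per-IP counting misses attacks spread across many sources, so real deployments usually combine it with site-wide failure-rate and breached-password checks.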
According to a Trend Micro prediction, “Breached credentials will be actively and heavily used in fraudulent transactions as cyber-criminals take the next logical step after amassing data breach info dumps in past years: using these stolen credentials.”
Last year, Reddit suffered a prominent attack in which a large amount of user data was compromised. The hackers carried out the attack via staff accounts, which they accessed by intercepting SMS-based two-factor authentication codes.
Responding to the post, many redditors said that their accounts had unique and strong passwords for Reddit. In yesterday's security notice, Sporkicide said that locked account holders would be able to reset their passwords within a few hours. The notice states, “This will take the form of either a notification to the account (yes, you'll be able to log in to get it) and/or an email to any support ticket you've already sent in.”
Reddit accounts are an attractive target because of the easy entry, the high trust placed in accounts, and the opportunity to push malicious content and make it go viral.
The admin asked Reddit users to set a unique and strong password. He further added, “I also encourage you to take this opportunity to make sure your email address is up to date to enable automated password resets and to add two-factor authentication to further secure your account.”