Reddit this week decided to lock down some user accounts after detecting unusual activity on those accounts.
“A large group of accounts were locked down due to a security concern. By ‘security concern’, we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access,” one of the social network’s admins noted in a post on Wednesday.
The issue, reddit claims, steams from the use of simple passwords to secure user accounts on the website, and from the reuse of those passwords on other websites or services as well. Thus, if one website is compromised, all accounts using the same username/password combination are impacted.
However, users commenting to the post claim they were locked out of their accounts despite using strong passwords and not using the same email address for other online accounts as well. Thus, some suggest that a breach on reddit’s part could be the root cause of the unusual activity.
Most users say their accounts were locked down although the activity page shows they were the only ones accessing them. Others, however, confirmed that their accounts were accessed by third parties, some from multiple locations around the world.
The owners of locked accounts are provided the option to reset their passwords to regain access and restore their accounts. The reset prompt is served either as a notification to the account and/or an email to a support ticket.
“It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time. If you haven’t seen any update by tomorrow, contact us at that time via the Help Center,” the admin says.
As usual, users are advised to use strong passwords on their accounts, and to make sure they are unique to the reddit website. Ensuring their email is up to date and enabling two-factor authentication should help users further secure their accounts.
“We’re sorry for the unpleasant surprise and are working to get you all back to redditing as usual. I'll be monitoring this thread for a while to answer questions where I can, but please keep in mind we can't answer most account-specific inquiries in public,” the reddit admin concluded.
In an incident disclosed in August 2018, a hacker was able to circumvent two-factor authentication protections used by Reddit and managed to access some user data, including some current email addresses and a 2007 database backup containing old salted and hashed passwords.
Related: The Real Takeaways From the Reddit Hack
Related: Attackers Circumvent Two Factor Authentication Protections to Hack Reddit