Reddit locked Down accounts due to alleged security breach

The social media platform Reddit has notified users that some of them have been locked out of their accounts after detecting suspicious activity.

Reddit locked down a large number of user accounts after due to a security concern after detecting suspicious activity on them. 

“If you are here because you’ve been locked out of your account in the last day or so, you’re in the right place and we want to help you get your account back in working order.” reads a post published by one of the Reddit admins.

“A large group of accounts were locked down due to a security concern. By ‘security concern’, we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access,”

Reddit seems to exclude a security breach of its systems, it pointed out that the root cause of the accounts lockdown is caused by the use of simple passwords on its website and from the reuse of those passwords on multiple services.

The motivation is not accepted by some users that commenting to the post claim they were locked out of their accounts even if they were using strong passwords and not using the Reddit credentials on other websites. If confirmed this means that Reddit was the victim of a data breach.

“I don’t have any other sites or addresses associated with my Reddit account, so I can safely rule out that possibility. This was breach on Reddit’s part or someone managed to bruteforce my unique credentials, including strong password. I’m leaning toward the former.” wrote a Reddit user.

Some users reported that their accounts were locked down although the activity page shows they were the only ones accessing them.

Other users instead reported that someone accessed their accounts from multiple locations worldwide.

The users that were locked out from their accounts were asked to reset their passwords to restore their accounts.

“Over the next few hours, affected accounts will be allowed to reset their passwords to be unlocked and restored. This will take the form of either a notification to the account (yes, you’ll be able to log in to get it) and/or an email to any support ticket you’ve already sent in.” explained the admin.

“It may be a little while before you receive your notice, but please be patient. There’s no need to file additional support tickets or send messages to the admins at this time. If you haven’t seen any update by tomorrow, contact us at that time via the Help Center. ”

“We’re sorry for the unpleasant surprise and are working to get you all back to redditing as usual. I’ll be monitoring this thread for a while to answer questions where I can, but please keep in mind we can’t answer most account-specific inquiries in public,” concluded the admin. 

In August 2018, Reddit warned users of a security breach, an attacker broke into the systems of the platform and accessed user data.

The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.

The data breach was discovered on June 19, 2018, according to Reddit, between June 14 and 18, 2018, the attacker compromised some of the employees’ accounts with the company cloud and source code hosting providers.R

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Reddit, data breach)

[adrotate banner=”5″] [adrotate banner=”13″]