Reddit Hacking Saga Continues As Company Resets 100k Passwords

Reddit to Reset Passwords of 100,000 Users in Two Week time due to Surprising Upsurge in Hack Attacks

Reddit has been on the radar of hackers and malicious actors nowadays as the company has received a flurry of hack attacks resulting in many users accounts being compromised or hijacked. Thus, the company has now announced to address this “uptick” in account hijacking by resetting the passwords of over 100,000 users. The company has claimed to achieve this momentous task within two weeks.

The move can also be termed as a precautionary measure because of the recent hike in large-scale data breaches such as the leaking of over 100 million LinkedIn emails and passwords.

According to Reddit’s founding engineer Christopher Slowe “, there have been a lot of recent passwords dumps made available on the parts of the internet most of us generally avoid. With this access to the likely username and password combinations, we’ve noticed a general uptick in account takeovers (ATOs) by malicious (or at best spammy) third parties.”

Slowe wrote on KeyerSosa, his moniker, that although Reddit hasn’t been exploited at such grand scale but “even the best security in the world won’t work when users are reusing passwords between sites,” and therefore, users can expect many more password resets as the company will continue to “verify and validate that no one except for you is using your account.”

However, Slowe also advised that users need to keep unique and strong passwords and must keep an account recovery email in case of hacking or they identify some sort of abnormal activity on their accounts.

The company will also reset passwords of accounts that haven’t been in use or have stayed inactive for years. These are called throwaway accounts. Slowe wrote:

“Throwaway accounts are fine, but we have tons of completely abandoned accounts with no discernible history and exist as placeholders in our database. They’ve never posted. They’ve never voted. They haven’t logged in for several years. They are also a huge possible surface area for [account takeovers].’”

It is important to reset passwords of these throwaway accounts because hijackers can use them for their malicious purposes by trying them out.