American social media giant Reddit has locked or suspended some users' accounts due to irregular or unusual activity that is consistent with unauthorized access. The security team at Reddit has said that it plans to reinstate the accounts by allowing affected users to perform a password reset.
The activity is thought to be linked to a credential stuffing attack. Credential stuffing is defined as “a specific type of hacking that secures user credentials by breaching a system, and then attempts to use those credentials with other systems”.
These types of attacks rely on people reusing the same username and password combination across several accounts: once attackers obtain one combination, they can try it on other accounts and gain access wherever the same combination is used.
Reusing the same username and password is dangerous but common. It is recommended that people use different usernames and passwords, and also use secure passwords that will not be easily guessed by attackers. You can use a password manager to help remember and keep track of your passwords across different accounts.
However, some users have said that they don’t think a credential stuffing attack is at play here. Some affected users claim that their credentials were unique to Reddit and sufficiently strong so that they wouldn’t have been easily guessed.
One affected user suggested a “check for Reddit data/security leaks instead of only user-errors.”
In terms of unusual activity, some users have reported that their activity log shows that their account has been accessed from different locations around the world.
Some affected users received an email from Reddit saying that their account was suspended for breaking the rules. This, of course, alarmed and confused users who did nothing wrong, and many support tickets have been opened. Some users have now regained access to their accounts, but others are still waiting for the password reset.