Monday, February 6, 2023
  • Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42
  • How Data Governance Policies Impact Cybersecurity
  • Maximizing Your Efficiency as a Cloud Engineer: The Right Tools Make All the Difference
  • ChatGPT-Written Malware Will Change the Threat Landscape
  • Hunter Biden’s Laptop Revisited: What it Means for Cloud Storage

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Identity & Access Security Bloggers Network 

Home » Cybersecurity » Data Security » Reddit users locked out of accounts after “security concern”

SBN

Reddit users locked out of accounts after “security concern”

by Graham Cluley on January 10, 2019

A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a “security concern.”

TechStrong Con 2023Sponsorships Available

The lockout occurred as Reddit’s security team investigates what appears to have been an attempt to log into many users’ accounts through a credential-stuffing attack.

In a post on Reddit’s Help subreddit, admin Sporkicide explained that the site had detected unusual behavior suggestive of a hacker gaining control to users’ accounts.

The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services. If another site is compromised and those lists of usernames and passwords become available, it’s very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk.

Credential-stuffing attacks see hackers using stolen passwords from other data breaches to launch automated systems against sites in an attempt to compromise accounts. Such attacks take advantage of the fact that so many internet users persist in recycling passwords rather than choosing unique hard-to-crack passwords to defend their online accounts.

Most Reddit users first learned of the issue when some of them received emails from the site telling them that they should reset their passwords and ensure that they were not using the same password anywhere else online.

Unfortunately, according to Sporkicide, Reddit messed up some of its communications by incorrectly informing some affected users that their accounts had been suspended.

Things were also made somewhat more confusing by an unusual aspect of how Reddit works. Unlike many other websites, Reddit allows users to access the site without initially setting a password, meaning (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/reddit-users-locked-accounts-security-concern/

January 10, 2019January 10, 2019 Graham Cluley 2fa, Featured Articles, IT Security and Data Protection, Password, reddit
  • ← The Role Of A CISO During Digitization
  • NetworkMiner 2.4 Released →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

‘Finish Him!’ US Kills Huawei With Final Tech Ban
Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology
AI, Processor Advances Will Improve Application Security
OpenSSF Head Delivers AI Warning for Application Security
The Top HEAT Attacks of 2022
Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
Hospitals Hit by DDoS Attacks as Killnet Group Targets the Healthcare Sector – What You Need to do Now
3 Trends in Successful Threat Hunting Across Networks in a Multi-Cloud World
ChatGPT and API Security
Automating security for Linux servers and applications

Upcoming Webinars

Mon 13

AI in Machine Learning

February 13 @ 1:00 pm - 2:00 pm
Wed 15

Understanding Cyber Insurance Identity Security Requirements for 2023

February 15 @ 11:00 am - 12:00 pm
Wed 15

Where Will DevSecOps ‘Shift’ Next?

February 15 @ 1:00 pm - 2:00 pm
Tue 21

Headwinds, Crosswinds and Tailwinds: Securing the Cloud in Turbulent Times

February 21 @ 1:00 pm - 2:00 pm
Wed 22

Three Steps to Software Supply Chain Security Success in 2023

February 22 @ 1:00 pm - 2:00 pm
Tue 28

SaaS-Based Container Networking and Security on Amazon EKS

February 28 @ 11:00 am - 12:00 pm
Mar 20

Software Supply Chain Security

March 20 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Industry Spotlight

Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology
Analytics & Intelligence API Security Application Security Cloud Security Cloud Security Cybersecurity Data Security DevOps Editorial Calendar Endpoint Featured Humor Identity & Access Incident Response Industry Spotlight IOT IoT & ICS Security Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Security Operations Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology

February 3, 2023 Richi Jennings | 3 days ago 0
‘Finish Him!’ US Kills Huawei With Final Tech Ban
AI and Machine Learning in Security AI and ML in Security Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Industry Spotlight IOT IoT & ICS Security Mobile Security Most Read This Week Network Security News Popular Post Regulatory Compliance Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Finish Him!’ US Kills Huawei With Final Tech Ban

February 1, 2023 Richi Jennings | 4 days ago 0
US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

January 23, 2023 Richi Jennings | Jan 23 0

Top Stories

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42

February 6, 2023 Richi Jennings | 6 minutes ago 0
ChatGPT-Written Malware Will Change the Threat Landscape
AI and Machine Learning in Security AI and ML in Security Application Security Cybersecurity Editorial Calendar Featured Identity & Access Malware News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

ChatGPT-Written Malware Will Change the Threat Landscape

February 6, 2023 Sue Poremba | 3 hours ago 0
Hunter Biden’s Laptop Revisited: What it Means for Cloud Storage
Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access News Security Boulevard (Original) Spotlight 

Hunter Biden’s Laptop Revisited: What it Means for Cloud Storage

February 6, 2023 Mark Rasch | 4 hours ago 0

Security Humor

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.