First off: no, Reddit has not been compromised, so if you have an account on this wide-ranging social media site, you can let out that deep breath you’re holding. But Reddit, along with every other organization that takes security seriously, has been shaking its head over passwords for quite some time.
“Even the best security in the world won’t work when users are reusing passwords between sites.” That is a quote from Reddit administrator KeyserSosa, and one that we here at Secure Sense wholeheartedly agree with. Reddit has taken the proactive step of sending out 100,000 password resets over the last two weeks. This is in reaction to all of the breaches and password dumps that have been in the news, most recently LinkedIn’s breach of 167 million emails. “We’ve noticed a general uptick in account takeovers (ATOs) by malicious (or at best spammy) third parties.”
Reddit also talked about throwaway accounts and the sheer number of them that currently sit in its database as mere placeholders. “Throwaway accounts are fine, but we’ve had tons of completely abandoned accounts with no discernible history and exist as placeholders in our database. They’ve never posted. They’ve never voted. They haven’t logged in for several years. They are also a huge possible surface area for ATOs, because I generally don’t want to think about it (though I do) how many of them have the password ‘hunter 2’. Shortly, we are going to start issuing password resets to these accounts and, if we don’t get a reaction in about a month, we’re going to disable them. Please keep an eye out!”
Bravo Reddit, bravo.