Application security, Threat Management, Network Security

Credential stuffing attack prompts Reddit to force password reset

Some Reddit users discovered they were locked out of their own accounts earlier this week after an apparent credential stuffing attack compelled the popular website to invoke password security measures.

An admin post published on Reddit’s Help subreddit this past Wednesday advises users that a "large group of accounts were locked down" due to anomalous activity suggesting unauthorized access. Consequently, affected users were informed they would have to rest their passwords to regain access.

In a credential stuffing attack, malicious actors attempt to use passwords previously stolen from one source to illegally access other, unrelated websites and online services, in hopes that the user entered the same credentials.

The Reddit admin, Sporkicide, implored users who were resetting their credentials to choose strong, unique passwords and employ two-factor authentication.

According to security expert Graham Cluley via the Tripwire blog, Reddit experienced complications while responding to the threat. For starters, Reddit misinformed certain users that their accounts were suspended when they were actually just locked out as a precaution. The website later corrected this mistake.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.