Cyber Incident Victim: Reddit
Date: May 2016
Location: United States of America
Summary
Reddit forced password resets on approximately 100,000 accounts after a surge in account takeovers linked to external credential breaches, including passwords exposed by unrelated platforms. The company attributed the hijackings to reused or weak passwords rather than to a breach of its own systems, and it also identified long-inactive accounts as a security risk. Its measures included monitoring login activity, notifying users of suspicious access, and resetting passwords on abandoned accounts, which were scheduled for deletion if not accessed within a month. The platform considered adding two-factor authentication but cited technical hurdles with third-party app integrations.
Description
In May 2016, Reddit detected a significant increase in account hijackings and unauthorized takeovers, primarily attributed to malicious third parties conducting spam operations. The company confirmed no breach of its own systems but identified external password leaks from other platforms—such as the LinkedIn data breach—as the root cause. Attackers exploited users’ tendencies to reuse weak or compromised credentials across multiple services. Between mid-May and May 27, Reddit’s security team proactively reset passwords for approximately 100,000 accounts exhibiting suspicious activity, with plans to expand these resets as ongoing verification efforts continued. The company emphasized its enhanced detection capabilities for identifying compromised accounts and urged affected users to create unique, strong passwords exclusive to Reddit.

Reddit’s response included technical and procedural measures to mitigate risks. Engineer Christopher Slowe advised users to register and verify email addresses to facilitate account recovery if hijacked and recommended monitoring login activity for anomalies like unfamiliar locations. The company also targeted abandoned “throwaway” accounts—those inactive for years with no posts or votes—deeming them vulnerable entry points for attackers. These accounts were included in password resets and scheduled for deletion if unaccessed within 30 days. Reddit disclosed internal discussions about implementing two-factor authentication for non-admin accounts but cited compatibility challenges with third-party apps and clients as obstacles. The incident underscored operational impacts, including forced user resets, planned purges of inactive accounts, and heightened scrutiny of credential reuse patterns linked to external breaches.
