The Register reports that social media platform Reddit has locked-out a large number of users because they use simple passwords or have used the same password elsewhere. The move came after Reddit noticed ‘unusual activity’ within accounts matching that profile.
Reddit hasn’t gone into detail about what the activity involved. Although, it’s likely they detected excessive login attempts or successful logins from countries not usually associated with those accounts.
Locking out accounts with poor password hygiene suggests Reddit has come to the conclusion that cyber criminals have been password stuffing. This is where login credentials disclosed in a data breach from one website are used to try to login to another website or websites. The best way to protect yourself from password stuffing is to use different passwords for each of your online accounts and two-fact-authentication wherever it is available.
Reddit gradually allowed effected users to reset their passwords and add two-factor-authentication to their accounts.
Not all users accept that they were to blame. On a Reddit forum about the issue, some commenters denied using weak passwords or recycling passwords from elsewhere – pointing the blame at a breach within Reddit’s systems instead.