Redditors just won’t stop getting hacked.
The social news site has reset 100,000 passwords in the last two weeks, an administrator announced, as it put out a fresh warning about keeping accounts secure.
There has been a “general uptick in account takeovers (ATOs) by malicious (or at best spammy) third parties,” wrote KeyserSosa in Reddit’s official Announcements subreddit on Thurday.
KeyserSosa — real name Christopher Slowe, Reddit’s founding engineer — believes this is down to recent public dumps of hacked passwords, notably a LinkedIn data dump that revealed more than 100 million passwords.
Would-be account hijackers can comb these dumps for password and email address/user name combinations, then try them out on other websites. It’s a reminder of why you shouldn’t reuse passwords for multiple accounts on different services: If one account is breached, then all of them are.
It’s likely that if Reddit is seeing a surge in account hijacking following these passwords dumps, then other popular websites and services across the internet also are.
Slowe shares a few tips for defending yourself against account takeover attempts on Reddit, including setting a strong unique password for each account, verify an email address as an extra line of defence, and checking your activity page for IP addresses you don’t recognise.