May 27th, 2016, 21:11 PM
Reddit resets 100,000 user passwords as web security takes a battering
Reddit has reset more than 100,000 user passwords following a rise in account takeovers, suggesting that the impact of the LinkedIn hack is being felt in other corners of the web.
Reddit reassured users that it hasn't been hacked, but said it has noticed a surge in account takeovers by malicious, or "spammy", third parties.
"If you haven't seen it in the news, there have been a lot of recent password dumps made available on the parts of the internet most of us generally avoid," Reddit founding engineer Christopher Slowe said in a post on the site.
"With this access to likely username and password combinations, we've noticed a general uptick in account takeovers by malicious (or at best spammy) third parties.
"Reddit itself has not been exploited, but even the best security in the world won't work when people are reusing passwords between sites. We've ramped up our ability to detect the takeovers, and sent out 100,000 password resets in the last two weeks."
Reddit also warned that throwaway accounts, many of which have been inactive for years, will have their passwords reset, and will be disabled if the owners don't log in for a month after the reset.
Reddit said in a Q&A underneath the announcement that it's considering rolling out two-factor authentication in a bid to make itself even less appealing to hackers and spambots.
"We're definitely considering it. In fact, admins are required to have two-factor authentication set up to use the administrative parts of the site. It's behind a second authentication layer," said Slowe.
"Unfortunately, to roll this out further, Reddit has a huge ecosystem of apps, including our newly released iOS and Android client. Adding two-factor authentication to the log-in flow will require a lot of coordination."