Reddit has reset over 100,000 account passwords after identifying a surge in account takeovers, which moderators believe can be attributed to the recent slew of massive data dumps posted online by malicious hackers. Reddit, however, maintains that it has not been hacked and, erring on the side of caution, is ramping up its security measures.
Reddit founding engineer Christopher Slowe said in a post: "If you haven't seen it in the news, there have been a lot of recent password dumps made available on the parts of the internet most of us generally avoid. With this access to likely username and password combinations, we've noticed a general uptick in account takeovers by malicious (or at best spammy) third parties."
He added: "Reddit itself has not been exploited, but even the best security in the world won't work when people are reusing passwords between sites. We've ramped up our ability to detect the takeovers, and sent out 100,000 password resets in the last two weeks. More are to come as we continue to verify and validate that no one except for you is using your account."
Reddit has also cautioned that accounts that have been abandoned by users and remained inactive for several years will have their passwords reset. Account holders who do not want to see their old accounts disabled will have to log in within 30 days of the account's password having been reset.
Reddit has said that it is considering implementing two-factor authentication in an effort to defend itself against hackers and spambots. "We're definitely considering it. In fact, admins are required to have two-factor authentication set up to use the administrative parts of the site. It's behind a second authentication layer," said Slowe.
"Unfortunately, to roll this out further, Reddit has a huge ecosystem of apps, including our newly released iOS and Android client. Adding two-factor authentication to the log-in flow will require a lot of coordination."
There has been an alarming rise in cybercrime in the recent past, with both the financial and social media communities being targeted by hackers. Twitter recently saw over 2,500 of its accounts hacked, while international banks appear to be under ongoing assault from hackers.
In the wake of rising cybercrime activity, the security community, not unlike Reddit, is on high alert and is ramping up its defence against prospective attacks.