Reddit has taken what could best be described as a proactive step to prevent security breaches following waves of attacks on LinkedIn and MySpace.
Christopher Slowe, Reddit’s co-founder, announced on Thursday that the company had, as a precautionary measure, asked 100,000 users to reset their passwords after its security team detected a growing number of accounts being hijacked.
Recently, a couple of security breaches affecting LinkedIn and MySpace were reported. LinkedIn experienced data breaches involving 167 million records. Not wanting to be caught unaware, since such incidents can spread online like wildfire, Reddit wants its users to consider changing their passwords.
In the email sent out by the company to 100,000 of its users, Reddit advised them not only to consider updating their passwords but also to avoid using the same password across different online accounts.
“Though Reddit itself has not been exploited, even the best security in the world won’t work when users are reusing passwords between sites,” the company said. “We’ve ramped up our ability to detect the takeovers, and sent out 100k password resets in the last 2 weeks.”
Many users reuse or share passwords across platforms, which enables attackers to take a Reddit username and search their databases of breached credentials for a match. A successful search then encourages them to try that account’s password on Reddit.
This will be the first of more emails to be sent to users, as the company plans to encourage more members to update their passwords and consider using stronger ones. “More are to come as we continue to verify and validate that no one except for you is using your account.”
Microsoft not taking chances either
We expect that more websites will follow a similar pattern and encourage members to update their passwords and stop using the same or similar passwords across websites. Meanwhile, Microsoft announced during the week that it plans to ban the use of what it termed “commonly used passwords.”
“Based on the latest research, there are some straightforward, concrete steps you can take as a user or as an administrator to help protect your accounts. And we’ve got some great features in #AzureAD and the Microsoft Account service that can help you as well,” wrote Alex Simon, Director of Program Management, Microsoft Identity Division.
LinkedIn password breach, child’s play compared to MySpace
MySpace was not left out: the same attacker gave it a dose of the treatment given to LinkedIn. Multiple sources have reported what could well be the biggest security breach ever, as MySpace suffered a similar fate to the one LinkedIn did about a fortnight ago.
MySpace has not released any statement to confirm the breaches, but LeakedSource analysts say they have found 427,484,128 user passwords, although not all were attached to accounts. “We noticed that very few passwords were over 10 characters in length (in the thousands) and nearly none contained an upper case character which makes it much easier for people to decrypt,” a statement on LeakedSource said.
The only way out (for now) of the persistent reports of password leaks is for users to use strong passwords and avoid using one password across multiple websites or accounts.