author photo
By Bruce Sussman
Thu | Jan 10, 2019 | 8:30 AM PST

Did you get locked out of your Reddit account this week? If so, you are not alone. 

Reddit locked down a large number of accounts because of unusual activity and what it calls a security concern.

Large number of Reddit accounts locked out

Reddit explained why many users were forced to reset usernames and passwords in the following message, posted on the site. It was also a cybersecurity lesson on unique and strong passwords, along with a push to enable two-factor authentication (2FA):

Recently locked out of your account? Help is on the way.

If you are here because you’ve been locked out of your account in the last day or so, you’re in the right place and we want to help you get your account back in working order.

A large group of accounts were locked down due to a security concern. By “security concern,” we mean unusual activity that did not correspond to the account’s normal behavior that may indicate unauthorized access.

The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services. If another site is compromised and those lists of usernames and passwords become available, it’s very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk.

Please, please, please make sure you choose strong passwords that are unique to reddit. I also encourage you to take this opportunity to make sure your email address is up to date to enable automated password resets and to add two-factor authentication to further secure your account.

We’re sorry for the unpleasant surprise and are working to get you all back to redditing as usual. I'll be monitoring this thread for a while to answer questions where I can, but please keep in mind we can't answer most account-specific inquiries in public.

That last sentence is also a key cybersecurity lesson. Reddit can't discuss account specific issues in public because hackers monitor customer service threads. 

[RELATED: Social media cyberattack after tweeting customer service]

And the push for 2FA makes sense, not only because it bolsters security, but because Reddit's own employees were hacked in 2018 due to a lack of two-factor authentication. 

Security appears to be a significant focus at Reddit right now. It hired its first head of information security and advertised new openings in cybersecurity during its data breach announcement last year.

Reddit users respond to account lockout

Reddit users replied to being locked out with their usual candor, and many had trouble believing the site's explanation for the unusual activity:

We'll be watching for updates. In the meantime, you can monitor the Reddit accounts locked thread for yourself.

[Resource for security professionals: 2019 SecureWorld conferences calendar]

Comments