OPINION STATION Reddit has reset more than 100,000 user passwords following a rise in account takeovers.
Reddit explained that it hasn't been hacked, but that it has noticed a surge in account takeovers by malicious, or "spammy", third parties, probably owing to a number of recent high-profile attacks such as that on LinkedIn.
"If you haven't seen it in the news, there have been a lot of recent password dumps made available on the parts of the internet most of us generally avoid," Reddit founding engineer Christopher Slowe said in a post on the site.
"With this access to likely username and password combinations, we've noticed a general uptick in account takeovers by malicious (or at best spammy) third parties.
"Reddit itself has not been exploited, but even the best security in the world won't work when people are reusing passwords between sites. We've ramped up our ability to detect the takeovers, and sent out 100,000 password resets in the last two weeks."
Reddit also warned that throwaway accounts, many of which have been inactive for years, will have their passwords reset, and will be disabled if the owners don’t log in for a month after the reset.
Reddit said in a Q&A underneath the announcement that it's considering rolling out two-factor authentication in a bid to make itself even less appealing to hackers and spambots.
"We're definitely considering it. In fact, admins are required to have two-factor authentication set up to use the administrative parts of the site. It's behind a second authentication layer," said Slowe.
"Unfortunately, to roll this out further, Reddit has a huge ecosystem of apps, including our newly released iOS and Android client. Adding two-factor authentication to the log-in flow will require a lot of coordination."
David Kennerley, director of threat research at cyber security specialist Webroot, believes that enabling two-factor authentication would be a smart move on Reddit's part.
"We live in a time where password guidance is very mixed. One piece of advice that everyone should agree on, though, is using different passwords for the different sites visited, but very few people actually do this, leaving their accounts at risk," he said.
"A move towards two-factor authentication would also be wise. More organisations are moving to tools such as Google Authenticator to achieve this. Reddit has a great following across the globe, and keeping Reddit accounts and personal data secure has to be its number one priority." µ
Oh and it'll also help give aural pleasure
But it might still not be enough to make virtual reality super appealing
And a ridiculous competition
Now you can talk to your silly-looking earbuds too