REDDIT has forced some of its users to reset their passwords after a string of major internet security breaches.
The site has sent emails to some of its users telling them they cannot continue using the site until they switch their credentials.
An email sent out by Reddit’s security team hit user inboxes starting last week.
It reads: “We’re requiring some of our users to reset their passwords in light of recent news of Internet security breaches.
“As a precautionary measure, please reset your password here to continue using your account: https://www.reddit.com/prefs/update
“You will need to use the desktop site to do so if you are on mobile.
“We recommend that you use long, complex passwords (at least 12 characters – a short sentence works beautifully), and do not reuse your password on any other site. We apologize for any inconvenience.”
Websites often ask users to change their passwords when the site itself has been breached, but rarely due to breaches of other domains.
It’s not clear how many users have been contacted by Reddit, or what security breaches it is referring to.
A thread posted by Reddit admin Sporkicide blamed the site’s users for bad password hygiene.
“The most common explanation for this is the use of very simple passwords or the reuse of credentials across multiple websites or services.
“If another site is compromised and those lists of usernames and passwords become available, it’s very likely that they will be tried against other popular sites to see if they work and this means that any account where you use the same credential combination is then at risk.”
Reddit did not immediately respond to a request for comment.
A huge number of email addresses and passwords for sites across the internet were recently dumped onto an online hacking forum.
As many as 773million only accounts were exposed across a range of websites – and there’s a good chance you’ve been caught up in the ‘Collection 1’ breach.
A security researcher named Troy Hunt runs a website called HaveIBeenPwned.com.
Hunt uploads leaked logins from cyberattacks to the website, and then you can enter your email and check if you’ve ever been exposed by a hack.
On Wednesday, Hunt revealed that he had uploaded the largest-ever cache of logins – sourced from hacker websites – to his own site.
A total of 772,904,991 unique email addresses and 21,222,975 leaked passwords are now stored on the site, obtained from a wide range of sources.