
Reddit account compromised: a lesson in passwords - freakball
One app. That's all it took.

Look, I'm not even sure if my device is rooted properly, or even how to check. What I do know is that I have narrowed the loss of my password down to an app I got from TPB.

Trying to save $3 resulted in the loss of my Reddit account and gmail of the same name in rapid succession (whoohoo, he let me keep my HN account!). Although I'm not sure which happened first, it is clear why it went down that way: the passwords differed by one character.

Ugh.

Anyways, they immediately started posting blogspam with my account. When I started messaging them, they made it clear that this would just be the beginning (removing themselves as mod from all of my subreddits), and I scrambled to secure my gmail account. I might have failed in that regard, but I'm trying...

As it stands right now, most of my accounts seem secure, but who knows.

Now that I reflect on it, I'm surprised it hasn't happened already, fools go crazy for that karma.
======
evanmoran
If they have key logging on your machine, Google 2-factor authentication is the
only thing that would save you. This to me is the most important security
precaution you can take, the next being auto generated passwords with
PasswordSafe or something similar. Good luck=).

~~~
freakball
I did; however, because I deleted and then recovered it, it is now locked. I
get a "temporary error 500 numeric code 59" when I try to log in. I still have
access to all other google services though.

------
samstave
[http://www.reddit.com/message/compose?to=%2Fr%2Freddit.com](http://www.reddit.com/message/compose?to=%2Fr%2Freddit.com)

Report your account hijacked to the admins ASAP.

~~~
freakball
I did. I even limped into google+ with the compromised account and posted them
there.

------
romeo88
Don't install software from untrusted sources at least, especially when you are
too stupid to keep your passwords safe enough.

------
nroose
Not sure how this is "a lesson in passwords"... Seems to me like a lesson in
TPB.

------
octatone2
A lesson in passwords or a lesson in downloading/pirating apps from dubious
sources.

Official app stores have a hard enough time keeping their inventory clean from
fake apps and malware, what makes you think TPB is somehow not full of fakes
and malware?

------
mappum
I don't think the attacker tried variations of your password to get into your
gmail, their malware most likely got it some other way (keylogger or extracted
from saved passwords in browser).

~~~
freakball
Well, I don't know. Maybe the reddit account was the most valuable thing I had,
but my primary email seems unaffected.

------
matznerd
Was it an Android app?

~~~
freakball
Yes. I'm almost positive it was Super Hexagon.

------
samstave
Ping them on Quora as well..

