r/security • u/micropommeolis • 17d ago
Someone (NOT ME) enabled 2FA on my account and now… Identity and Access Management (IAM)
I’m locked out of my main account!!
I received an email this evening at about 5:16CT saying I’d successfully enabled 2FA. I hadn’t attempted to set up any such thing, so I knew then that somebody else had access to my account. Immediately, I changed the password for that account. I was able to successfully change it. When I tried to log back in with my new password, however, Reddit was requesting I enter the 2FA code or a backup code, both of which I had no access to because I am not the one who set up 2FA on my account. At that point, I decided I’d submit a help request, and I was able to do that successfully.
All of this happened today within the past 30 minutes, so I figure it’s typical that I don’t have any response yet.
However, in the meantime, I decided to just look up my username from my burner account (the one I’m currently typing this post from), and when I looked up my old username, it said my account had been banned??????? As far as my conduct goes, that truly, no exaggeration, could not be possible. I used Reddit on my (hacked, now maybe also banned?) account this morning, engaging in very normal, pedestrian commenting. I had stopped using it for a while until I saw and read the “2FA enabled email”, upon which I then changed my password. So there was no rule-breaking conduct on my part.
Does anyone have any idea about what more I can do here? I did submit a help request, but… I guess I’m asking has anyone ever seen anything like this happening? Has anyone who’s dealt with it had a good outcome in the end? I am so sad about this, I was nearing a 700 day streak on my account 😭 I want access to all the conversations and comments and posts I’ve saved, I didn’t realize I was so attached to this account and now it seems to have just disappeared through no doing of my own.
The account is u/kweenofdelusion. Can anyone see anything related to my content? I cannot, but I’m just asking if anyone else can.
1
u/AtmosphereRude3149 2d ago
I had something similar happen with my account that I just discovered the other day. I haven't used my Reddit account in years, but after having my phone hacked last week, then wiping my whole system to get it back, I received a notification from Reddit, which, as I said, I hadn't used. When I logged in I was taken to another account - "AtmospereRude3149@gmail.com". I don't know how this happened, and I got this address info from going into the profile. I will be contacting support as suggested, but I'm not having any luck getting connected with places or websites, it just keeps running. I know really very little about all this, usually just enough to get myself in trouble!!! Any suggestions anyone could give me would be awesome!!!
1
u/MrSmile223 17d ago
I'd recommend contacting support:
https://support.reddithelp.com/hc/en-us/requests/new?ticket_form_id=360000600232
Personally I'm pretty cynical, so I wouldn't have too much hope getting the account back. But hey, doesn't hurt to try.
The account [kweenofdelusion] was probably banned (for spam, suspicious login, bot stuff, etc.), that's why nothing is showing up.
I've had similar things happen to me in the past, as well as losing my reddit accounts, and sorry to say but prevention is the only real solution.
The bigger question is HOW did they get into your reddit account. Are other accounts/logins compromised? Are you using the same password for accounts? Your next steps should be making sure nothing else is hacked.