Account compromise on Reddit most commonly manifests as receiving an email notification that your account email address or password has been changed — notifications you did not initiate — or noticing posts, comments, or messages in your account history that you did not create. The moment you detect any of these signs, the response window is critical, because the longer an attacker has access, the more damage they can do and the more difficult recovery becomes. The first step is to attempt a password reset using Reddit's "Forgot Password" feature, which sends a reset link to the email address currently associated with the account. If the attacker has changed the email address, Reddit sends a notification to your original email explaining how to reverse the change. Entering your original email address on the account recovery screen and following the instructions can restore access even after an email change, provided you still have access to the original inbox. Act quickly — these recovery windows are time-limited. Once you have regained access, immediately change your password to a strong, unique one not used elsewhere. Enable two-factor authentication (2FA) using an authenticator app rather than SMS if possible, since SIM-swapping attacks can compromise SMS-based 2FA. Review your account for unauthorized activity — check your post and comment history, direct messages, and any connected applications — and remove anything posted by the attacker. If you cannot regain access through password reset, submit a support request through Reddit's Help Center at reddit.com/support. Select the option for account access problems and provide your username, the email you believe was originally associated with the account, and any evidence you have that the account is yours. Reddit's account recovery process for fully compromised accounts requires this support pathway. After recovery, audit the password and 2FA status of any other services where you used the same email and password combination, since credential attacks frequently exploit reuse across platforms.
Knowledge Base entry
What steps can you take if your account is compromised or hacked?
A practical answer page built from the knowledge base source.
FAQ
Imported article
More to read
What are best practices for avoiding doxxing yourself (sharing identifying details)?
How do you anonymize screenshots or posts that include sensitive info?
How should you think about posting content involving your workplace, family, or minors?
What types of scams are common on Reddit (crypto, giveaways, phishing)?
How do you recognize fake customer-service accounts or impersonation attempts?
How should you respond if someone asks you to move a conversation to another platform?
How do you avoid malware or phishing links in comments and DMs?
What is doxxing, and how does Reddit's policy treat it?
How does Reddit enforce policies on non-consensual intimate imagery?
What should you do if you think a user is in immediate danger (self-harm, violence)?
How can you use Reddit safely from high-risk environments (activism, sensitive topics)?
How do you verify that "official" help or mod messages are legitimate?
How can you appeal a site-wide suspension or report a false positive?
How do you keep a healthy relationship with Reddit to avoid burnout or doomscrolling?
Reddit Course — Part 5 (Q223–270)
What do common acronyms like AITA, TIFU, TIL, ELI5, LPT, CMV, and TL;DR stand for?
How do flairs like "Serious," "Answered," or "Update" shift expectations for behavior?
What is "shitposting," and when is it acceptable or unwelcome?
What is a "copypasta," and how does it spread across communities?
What do users mean by "karma farmer" or "karma whore"?