- Two-factor authentication enabled with authenticator app
- Unique password generated by Firefox password manager (never reused, itself protected with 2FA)
- Regular activity monitoring
- Clean 10-year history with zero moderation issues
Account statistics:
- 10-year-old account
- 3,013 contributions
- 185,224 karma (likely the highest karma account on r/france, not flexing because I don't care at all about karma, just pointing out this is not a random new account)
- Zero violations or warnings in 10 years
Attack timeline (CEST):
- Night of Oct 2-3: Account compromised, attackers posted pornographic content
- Oct 3, morning: Discovered the hack, changed password immediately, warned Reddit using their contact form
- Oct 3, ~2:30 PM: Received 3-day temporary ban for "vote manipulation"
- Oct 3, ~6:51 PM: Ban upgraded to permanent
- Oct 4: Submitted appeal with all evidence
- Oct 4: Appeal denied without investigation
Evidence of unauthorized access: clear logins from US IP addresses, while I'm located in France and have always used the same two (work/home) fixed IP addresses to access my account for at least the last 5 years:
- 165.123.230.107 (University of Pennsylvania)
- 167.248.80.41 (Allo Communications LLC)
Reddit's response to my appeal was simply: "your appeal will not be granted and your ban will remain in place" - no investigation, no consideration of the evidence showing compromised access from foreign IPs.
This seems to indicate either:
- A security vulnerability in Reddit's 2FA implementation
- Sophisticated cookie theft malware (though no AV detection)
- A broader security issue on Reddit's end
The most concerning aspect is that Reddit's appeal system appears to automatically deny requests without human review, even when there's clear evidence of account compromise. A decade of legitimate participation and community contribution was wiped out instantly with no recourse.
Has anyone experienced similar incidents? What are the options when legitimate account recovery appeals are automatically denied despite evidence of compromise?
digianarchist•2h ago
Did it say the words "automation was not used in this decision" or something similar?
I have personally never seen Reddit overturn a ban, and they don't spend a lot of time on cases because they have so many nonpaying users it probably makes little economic sense for them to do so.
guilamu•1h ago
No, nothing about a human intervention/automation was mentioned.
digianarchist•1h ago
> Note: This decision was made without the assistance of automation.
At the end of any messages from the Admin team.
guilamu•1h ago