Attack Forces Password Reset
Friday, June 24, 2016 @ 05:06 PM gHale
Online backup service Carbonite ended up forced to reset all user passwords after security professionals found an ongoing account takeover attack.
The company said the attacking third-party didn’t compromise any user accounts, mainly because its staff caught the attack in its early stages. To ensure nothing ended up stolen from people’s backups, Carbonite initiated a service-wide password reset.
The attackers got ahold of username and password combos and tried a brute force attack into Carbonite accounts, hoping users reused their credentials across different services.
Carbonite would like users to select new passwords. Carbonite doesn’t provide two-factor authentication right now, but the company said it would be rolling out the protocol in the coming future.
Services like Carbonite provide a trove of sensitive information, allowing hackers direct access to user devices, or to financial data or passwords stored as computer backup files.
Most Carbonite users should receive an email from the company shortly, but they will get note to reset their password as soon as they try to log in.