While there’s no evidence so far to suggest that any Carbonite subscribers have experienced problems of this scale, it’s certainly a wake-up call for companies to tighten their security, and for users to be more vigilant with their passwords. They are also encouraging users to make use of optional two-factor authentication to protect against future threats, and it’s reasonable to assume that this extra security measure may become mandatory in the near future.
Carbonite is not the first victim of hackers with access to username/password data this month, with remote access service GoToMyPC suffering similar attempts to break into accounts, and TeamViewer suffering particularly as user accounts were controlled and bank accounts emptied. In an attempt to mitigate the effects of the attack, Carbonite performed an automatic reset of all user passwords, so that the stolen information can no longer be used to gain access to Carbonite accounts. However, although security measures were quickly implemented after failed authorizations brought the attack to Carbonite’s attention, they have warned that as well as usernames and passwords, “other personal information may have been exposed”.
But together many seemingly disparate user accounts can come together and create a complete user profile for hacking into high-value accounts, Scott-Cowley said.
Thousands of users have been affected by a Carbonite hack this week, with the company responding by implementing a preventative system-wide password reset for all subscribers.
Carbonite announced the threat on 22nd June, informing users that hackers had obtained username/password combinations from previously hacked sites, and had been using them in attempts to gain access to Carbonite accounts.
Carbonite’s official statement maintains that their systems have since been subjected to a thorough security review, and confirms that the company themselves have not been hacked.
Each one of these stolen accounts might not be worth much alone, he said. “It’s a good bet that these massive stolen user credential databases are being cross-referenced on the dark web,” he said. Just two weeks prior to the MySpace breach revelation, information on 164 million LinkedIn users, including email addresses and passwords stored as SHA-1 hashes without salt, was exposed.
Data from large breaches has been available for some time, said Orlando Scott-Cowley, cybersecurity strategist at email security firm Mimecast, in an interview regarding last week’s GoToMyPC password reset. One of the affected sites, MySpace, for example, was initially hacked in 2008, but it wasn’t until late May that information leaked on 360 million of its users, including their email addresses and the unsalted SHA-1 hashes of the first 10 characters of their passwords, was sold publicly online. But since May, when it was revealed that more than 164 million LinkedIn credentials were for sale on the black market, there have been back-to-back reports of similar breaches totaling more than 642 million user names and passwords that have been spotted for sale on the dark web. However, at this time Carbonite does not offer 2FA as a default option.
“While we will continue to monitor and investigate the matter, we have determined that usernames and passwords are involved. Additionally, for some accounts, other personal information may have been exposed,” the statement read.
Affected are Mac and Windows Carbonite Personal and Carbonite Pro customers along with Carbonite Server Backup and MailStore users.
Along with forcing a password reset, Carbonite is urging its customers to replace old passwords with complex passwords and, when possible, use two-factor authentication (2FA) to protect accounts.
Security experts say each of these firms has suffered from password reuse attacks tied to recent revelations of massive credential losses from mega-breaches at LinkedIn, Tumblr, VK.com, Fling and MySpace. The mandatory password reset by Carbonite is just the latest in a long string of online companies such as Citrix’s GoToMyPC, TeamViewer, Twitter, GitHub, Tumblr, iMesh and LinkedIn that have also recently forced their customers to reset their passwords. In some cases, personal information may have been exposed, Carbonite wrote in a blog post. According to a statement issued by Carbonite on Tuesday, hackers were attempting to break into user accounts using stolen credentials. Online backup firm Carbonite is forcing all of its 1.5 million users to change their passwords after reporting that accounts were targeted in a password reuse attack.