CARBONITE RESET PASSWORD PASSWORD
Carbonite’s system wide password reset is the first of many we’ll see. “Every breach provides a new set of username and password pairs for bad guys to test elsewhere looking for people who are reusing their credentials despite years of security pros begging them not to do that. Jonathan Sander, VP of Product Strategy at Lieberman Software: Customers are rightly demanding to be protected when they submit their valuable personal information on the web, and online services need to respond appropriately by replacing the password with more rigorous authentication technologies.” They don’t provide protection for the volume of information we all store online today, they don’t scale for users, and they are vulnerable to a myriad of attacks. “It’s high time that we recognise passwords as the antiques that they are. With millions of passwords stolen from recent breaches floating around the dark web, if people have been reusing passwords across multiple sites, it’s only a matter of time before these credentials could be used elsewhere. This of course makes hackers’ jobs much easier, because they don’t even need to hack into new databases anymore to reap their rewards. We’re all human, and it’s difficult to remember a different password for each online service that you use, so it’s not surprising that so many people use the same password across multiple sites. “Password re-use is one of the biggest problems with the username and password system.
Has the Carbonite hack affected you? Tell us your experiences in a comment.Carbonite has fallen victim to a password-reuse attack and is asking users to change their passwords. IT Security experts from MIRACL, Lieberman Software, ESET, AlienVault and Imperva commented below. Meanwhile, there are support staff on hand to help with any queries or concerns. So if you make a habit of reusing passwords, now might be a good time to reconsider.Ĭarbonite are confident that their recovery strategy has worked, and promise that backups are continuing as usual. It’s theorized that the 2012 LinkedIn data leak may be responsible for this recent spate of attacks, with the usernames and passwords obtained now gaining greater circulation on the dark web. While there’s no evidence so far to suggest that any Carbonite subscribers have experienced problems of this scale, it’s certainly a wake-up call for companies to tighten their security, and for users to be more vigilant with their passwords. They are also encouraging users to make use of optional two-factor authentication to protect against future threats, and it’s reasonable to assume that this extra security measure may become mandatory in the near future.Ĭarbonite is not the first victim of hackers with access to username/password data this month, with remote access service GoToMyPc suffering similar attempts to break into accounts, and TeamViewer suffering particularly as user accounts were controlled and bank accounts emptied. In an attempt to mitigate the effects of the attack, Carbonite performed an automatic reset of all user passwords, so that the stolen information can no longer be used to gain access to Carbonite accounts. However, although security measures were quickly implemented after failed authorizations brought the attack to Carbonite’s attention, they have warned that as well as usernames and passwords, “other personal information may have been exposed”. Thousands of users have been affected by a Carbonite hack this week, with the company responding by implementing a preventative system-wide password reset for all subscribers.Ĭarbonite announced the threat on 22nd June, informing users that hackers had obtained username/password combinations from previously hacked sites, and had been using them in attempts to gain access to Carbonite accounts.Ĭarbonite’s official statement maintains that their systems have since been subjected to a thorough security review, and confirms that the company themselves have not been hacked.
0 kommentar(er)
