Online backup firm Carbonite targeted in password reuse attack


June 21, 2016

Online backup company Carbonite is the latest firm to have issued a warning that hackers are attempting to break into its users' accounts, and it is prompting all users to change their passwords as a result.

An email has been sent to Carbonite users explaining that the attackers are thought to be using passwords gleaned from other recent mega-breaches.

Part of the email reads as follows:

> As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts.
>
> Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised.
>
> To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information.

Nobody is keen for a hacker to break into their online accounts, but it’s especially important when what’s being protected by your account is your computer backup. If a hacker were able to gain access to your online backup they could – in theory – make a copy of every file on your hard drive, including those you may have thought were erased long ago.

There are instructions in the Carbonite knowledge base explaining how users can change their passwords.

But don’t stop there. Once you’ve changed your Carbonite password, you should also ensure that you have created new passwords for any *other* site where you might be reusing the same passwords.

Your best defense against password reuse attacks is so simple it beggars belief that more people don’t deploy it: stop reusing passwords. Always use different passwords for different websites.

And if you think that your puny human brain can’t remember lots of different, hard-to-crack passwords then you’re in the same boat as me. Get a password manager to do the job for you.

The company says that it will be rolling out additional security measures to protect accounts, including two-factor authentication (2FA).

There are a lot of web services that already offer two-step verification (2SV) or two-factor authentication to help users harden their accounts.

Here are some links which will help you better protect yourself online.