Online backup service Carbonite is requiring all users to change their passwords after it observed password reuse attacks targeting their accounts. On Tuesday, the company announced the password reset in a statement posted to its website:
"As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts. Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised."
Carbonite does not specifically mention any companies that might have been attacked, though it is likely referring to the data breaches at LinkedIn, Tumblr, and several others that compromised hundreds of millions of users' login credentials.
While some users have changed their passwords for those accounts affected by the breaches, many of which occurred several years ago, others have not. Still others have reused their compromised credentials across multiple web accounts, allowing attackers to test the same set of credentials across multiple services. Those password reuse attacks have already motivated a number of other companies including GitHub, GoToMyPC, and TeamViewer to reset their users' passwords. Carbonite is urging all users to be on the lookout for an email sent from [email protected] that leads them to a page where they can reset their passwords. A list of instructions on how users can complete the password reset process can be found here. But the online backup service is taking it one step further.
"In addition to our existing monitoring practices, we will be rolling out additional security measures to protect your account, including increased security review and two-factor authentication [which we strongly encourage all customers to use]."
Two-factor authentication will help protect users with an additional layer of security in the event of password reuse attacks. For tips on how to create a strong password to protect your Carbonite account or other web profiles, please click here.