Thousands of users have been affected by a Carbonite hack this week, with the company responding by implementing a preventative system-wide password reset for all subscribers.
Carbonite announced the threat on 22nd June, informing users that hackers had obtained username/password combinations from previously hacked sites, and had been using them in attempts to gain access to Carbonite accounts.
Carbonite’s official statement maintains that its systems have since been subjected to a thorough security review, and confirms that the company itself has not been hacked. However, although security measures were quickly implemented after failed authorizations brought the attack to Carbonite’s attention, the company has warned that as well as usernames and passwords, “other personal information may have been exposed”.
In an attempt to mitigate the effects of the attack, Carbonite performed an automatic reset of all user passwords, so that the stolen information can no longer be used to gain access to Carbonite accounts. They are also encouraging users to make use of optional two-factor authentication to protect against future threats, and it’s reasonable to assume that this extra security measure may become mandatory in the near future.
Carbonite is not the first victim this month of hackers with access to username/password data: remote access service GoToMyPC suffered similar attempts to break into accounts, and TeamViewer was hit particularly hard, with user accounts taken over and bank accounts emptied. While there’s no evidence so far to suggest that any Carbonite subscribers have experienced problems of this scale, it’s certainly a wake-up call for companies to tighten their security, and for users to be more vigilant with their passwords.
It’s theorized that the 2012 LinkedIn data leak may be responsible for this recent spate of attacks, with the usernames and passwords obtained now gaining greater circulation on the dark web. So if you make a habit of reusing passwords, now might be a good time to reconsider.
Carbonite are confident that their recovery strategy has worked, and promise that backups are continuing as usual. Meanwhile, there are support staff on hand to help with any queries or concerns.
Has the Carbonite hack affected you? Tell us your experiences in a comment.