AdGuard attacked, resets passwords of all accounts


  • TECH
  • Friday, 21 Sep 2018

AdGuard believes that attackers were able to access some of the users' accounts.

AdGuard, a popular ad blocking service, has reset the passwords of all its users which number over five million worldwide after it detected its servers being attacked.

It said it detected continuous attempts to login to AdGuard accounts from suspicious IP addresses belonging to various computers across the globe.

The company said the attacks were stopped by a rate limiter – a security measure that detects multiple login attempts using different passwords.  

“However, rate limiting is not enough when an attacker already knows what password to use. Unfortunately, this seems to be the case. The pairs of email/password used by intruders belong to known databases of leaked accounts,” it posted on its site.

“Attackers used one of the databases of leaked accounts that is available online and checked whether the email/password data could access AdGuard accounts. We believe that attackers were able to access some of the accounts.”

It said the leaked databases could have come from the numerous data breaches over the years, and it is unable to tell which accounts were accessed.

“All passwords stored in AdGuard database are encrypted so we cannot check whether any of them is present in the known leaked database. That’s why we decided to reset passwords of all users,” it posted.

AdGuard is now connected to HaveIBeenPwned, a website which collects data of all known compromised online services. “If the password that you are entering is found in the database of leaked ones, you will see a warning,” it posted.

Users will now have to reset their password in order to access their accounts, and AdGuard adds that it will introduce two-factor authentication for stronger protection.

“We physically can’t implement it in one day, but this will be our next step and we will let you know about it as soon as its done,” it said.
Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!
   

Next In Tech News

Twitter reintroduces election misinformation rules ahead of U.S. midterms
Two lawmakers ask U.S. regulator about Tesla crashes, safety probes
Crypto derivatives volumes surge to $3.12 trillion in July - CryptoCompare
Govt body asks Rain to retract its proposal to merge with Telkom
Arrival to delay spending on bus project after posting wider loss
BlackRock launches spot bitcoin private trust for U.S. clients
World’s biggest Amazon warehouse raises fears over toxic air
Russia's VKontakte owner VK hit by second quarter loss
Analysis: Is Netflix envy over in Hollywood? Not quite
Payment gateway provider iPay88 says ‘cybersecurity incident’ may have compromised users’ card data

Others Also Read