It said it detected continuous attempts to login to AdGuard accounts from suspicious IP addresses belonging to various computers across the globe.
The company said the attacks were stopped by a rate limiter – a security measure that detects multiple login attempts using different passwords.
“However, rate limiting is not enough when an attacker already knows what password to use. Unfortunately, this seems to be the case. The pairs of email/password used by intruders belong to known databases of leaked accounts,” it posted on its site.
“Attackers used one of the databases of leaked accounts that is available online and checked whether the email/password data could access AdGuard accounts. We believe that attackers were able to access some of the accounts.”
It said the leaked databases could have come from the numerous data breaches over the years, and it is unable to tell which accounts were accessed.
“All passwords stored in AdGuard database are encrypted so we cannot check whether any of them is present in the known leaked database. That’s why we decided to reset passwords of all users,” it posted.
AdGuard is now connected to HaveIBeenPwned, a website which collects data of all known compromised online services. “If the password that you are entering is found in the database of leaked ones, you will see a warning,” it posted.
Users will now have to reset their password in order to access their accounts, and AdGuard adds that it will introduce two-factor authentication for stronger protection.
“We physically can’t implement it in one day, but this will be our next step and we will let you know about it as soon as its done,” it said.