Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

AdGuard resets all user passwords after credential stuffing attack

steven36

By steven36
in Security & Privacy News

Recommended Posts

steven36

steven36

Posted
Posted

Attackers gained access to some AdGuard accounts but company can't tell how many.

 

https://s7d7.turboimg.net/sp/f16bc9df1e64c3a39880634c8f2bf1d4/adguard_generic_3.png

AdGuard, a popular ad blocker for Android, iOS, Windows, and Mac, has reset all user passwords, the company's CTO Andrey Meshkov announced today.

 

The company took this decision after suffering a brute-force attack during which an unknown attacker tried to log into user accounts by guessing their passwords.

 

Meshkov said the attacker used emails and passwords that were previously leaked into the public domain after breaches at other companies.

 

This type of attack --using leaked usernames and passwords to hack into accounts at other services-- is known as credential stuffing.

 

The AdGuard CTO said attackers were successful in their assault and gained access to some AdGuard accounts, used for storing ad blocker settings.

 

"We don't know what accounts exactly were accessed by the attackers," Meshkov said. "All passwords stored in AdGuard database are encrypted so we cannot check whether any of them is present in the known leaked database. That's why we decided to reset passwords of all users."

 

 

The company says it implemented the Have I Been Pwned API into their existing infrastructure so that when users will configure a new password, the AdGuard system will warn them if they're using passwords leaked at other services.

 

Meshkov said AdGuard now also uses stricter rules for choosing passwords, and they also intend to support two-factor authentication in the future.

 

The AdGuard exec also revealed that the company found out about the attack after its rate-limiting systems detected the numerous failed login attempts during the password guessing phase of the attack.

 

Most of the attacks were stopped, but some were successful, which usually tends to happen when attackers get lucky and guess the proper combination during the first login attempts.

 

It is unclear what the attackers were attempting to do with such low-value accounts.

 

Source

Link to comment
Share on other sites
  • Views 565
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...