Reportedly, officials noticed repeated login attempts to AdGuard from suspicious IP addresses belonging to various servers globally. The firm believes that hackers have acquired login credentials from other data breaches. That is why they succeeded in accessing only a few accounts where the users might have used the same passwords as on other sites.
As stated in the security notice,
“Malefactors used existing databases of email/password pairs previously leaked by different companies. We believe that attackers were able to access some of the accounts, but only few of them which owners used the same compromised email/password pair.”The company confirms that the servers remained safe and that no data breach has occurred in this attack. Besides, they also confirm that the compromised accounts are “no more than a few hundred”. Nonetheless, out of an abundance of caution, the firm decided to reset all passwords.
“We don't know what accounts exactly were accessed by the attackers. All passwords stored in AdGuard database are encrypted so we cannot check whether any of them is present in the known leaked database. That's why we decided to reset passwords of all users.”
To assist the users in setting up novel passwords, or at least such passwords that have never been compromised, AdGuard has linked with HaveIBeenPwned.com. If the user enters a password that exists in the breached passwords’ database on HIBP, they will receive an alert. Previously, Github adopted this approach by integrating with HIBP to assist users.
In addition, AdGuard will also introduce two-factor authentication in the upcoming days to enhance users’ account security.
Take your time to comment on this article.