AdGuard Reset User Passwords After Enduring Credential Stuffing Attacks

AdGuard has recently alerted all its users about a recent cyber attack. The company noticed a credential stuffing attack after which AdGuard reset user passwords for all accounts. However, the good news is that the company declares its servers remained safe from the attack and confirms no data compromise.

AdGuard Reset User Passwords After Resisting Cyber Attack

A few days ago, AdGuard disclosed a cyber attack towards its servers. The firms CTO and Co-founder, Andrey Meshkov, revealed that the company noticed a credential stuffing attack that day, after which AdGuard reset user passwords from its end for all accounts.

Reportedly, officials noticed repeated login attempts to AdGuard from suspicious IP addresses belonging to various servers globally. The firm believes that hackers have acquired login credentials from other data breaches. That is why they succeeded in accessing only a few accounts where the users might have used the same passwords as on other sites.

As stated in the security notice,

“Malefactors used existing databases of email/password pairs previously leaked by different companies. We believe that attackers were able to access some of the accounts, but only few of them which owners used the same compromised email/password pair.”

The company confirms that the servers remained safe and that no data breach has occurred in this attack. Besides, they also confirm that the compromised accounts are “no more than a few hundred”. Nonetheless, out of an abundance of caution, the firm decided to reset all passwords.

“We don’t know what accounts exactly were accessed by the attackers. All passwords stored in AdGuard database are encrypted so we cannot check whether any of them is present in the known leaked database. That’s why we decided to reset passwords of all users.”

AdGuard Integrates HIBP To Alert Users For Compromised Passwords

The firm confirmed no data compromise during the cyber attack. Still, AdGuard urges all the users set new passwords. For this, the users can simply go to the password reset link and create new passwords.

To assist the users in setting up novel passwords, or at least such passwords that have never been compromised, AdGuard has linked with HaveIBeenPwned.com. If the user enters a password that exists in the breached passwords’ database on HIBP, they will receive an alert. Previously, Github adopted this approach by integrating with HIBP to assist users.

In addition, AdGuard will also introduce two-factor authentication in the upcoming days to enhance users’ account security.

Take your time to comment on this article.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil