Once again, a popular online portal has fallen victim to a cyber attack. This time, however, the targeted firm, Basecamp, effectively fought back against a credential stuffing attack affecting around 30,000 accounts. Nonetheless, the company had to reset the passwords of the affected accounts.
Basecamp Fought Back Against Cyber Attack
The seemingly never-ending wave of credential stuffing attacks has now struck the firm. However, the attack did not seem successful. Reportedly, Basecamp withstood the cyber attack by determined criminals.
The company's founder and CTO, David Heinemeier Hansson, first disclosed the attack. He described the incident in detail in an official blog post. As revealed, Basecamp's ops team observed a potential cyber attack on January 30, 2019, at 12:45 pm central time. The team noticed a drastic rise in the number of login attempts on Basecamp's website.
“More than 30,000 login attempts were made in the hour that followed from a wide array of IP addresses.”
Hansson elaborated that the team acted quickly and employed several strategies to contain the attack.
“Our first line of defense was to block the offending addresses, but ultimately we needed to enable captcha to stop the attack.”
Thus, by first blocking the attacking IP addresses and then enabling a CAPTCHA system, the Basecamp team successfully withstood the attack.
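The sequence Hansson describes, per-address blocking first and CAPTCHA once the attempts came from too many addresses, can be sketched as follows. This is an added example, not Basecamp's code; the thresholds, the class name and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter, deque

WINDOW = 300        # sliding window in seconds (assumed value)
PER_IP_LIMIT = 5    # failed logins from one IP before it is blocked (assumed)
GLOBAL_LIMIT = 20   # failed logins site-wide before CAPTCHA turns on (assumed)

class LoginMonitor:
    def __init__(self):
        self.failures = deque()   # (timestamp, ip) of failed logins in the window
        self.per_ip = Counter()
        self.blocked = set()      # blocks persist until an operator clears them

    def record(self, ts, ip, success):
        """Return 'block', 'captcha' or 'allow' for one login attempt."""
        # Drop failures that have aged out of the sliding window.
        while self.failures and self.failures[0][0] <= ts - WINDOW:
            _, old_ip = self.failures.popleft()
            self.per_ip[old_ip] -= 1
        if ip in self.blocked:
            return "block"
        if not success:
            self.failures.append((ts, ip))
            self.per_ip[ip] += 1
            if self.per_ip[ip] >= PER_IP_LIMIT:
                self.blocked.add(ip)
                return "block"
        # Distributed attacks stay under the per-IP limit, so the site-wide
        # failure count decides when every login is challenged.
        return "captcha" if len(self.failures) >= GLOBAL_LIMIT else "allow"

def simulate():
    """Replay constructed traffic; addresses are documentation ranges."""
    mon, actions = LoginMonitor(), Counter()
    # One noisy client: 6 failures from a single address.
    for t in range(6):
        actions[mon.record(t, "203.0.113.7", False)] += 1
    # Distributed stuffing: 40 addresses, one failed attempt each.
    for i in range(40):
        actions[mon.record(10 + i, f"198.51.100.{i + 1}", False)] += 1
    during = mon.record(50, "192.0.2.10", True)   # legitimate user mid-attack
    after = mon.record(400, "192.0.2.10", True)   # same user after the window
    return actions, mon.blocked, during, after

if __name__ == "__main__":
    print(simulate())
```

In the replay only the single noisy address is ever blocked; the 40-address run is stopped by the site-wide CAPTCHA trigger, which also challenges the legitimate user until the window clears.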
Hansson further explained that while the attackers did access various accounts, they didn’t perform any other actions.
“It seemed like the attack focused on first validating which accounts were vulnerable, perhaps with a plan to later exploit these vulnerable accounts.”
Basecamp Reset Passwords Of Affected Accounts
Although the firm quickly defended against the attack, the attacker still managed to affect around 124 accounts. After containing the attack, Basecamp logged out the affected accounts and reset their passwords. Certainly, for a firm with a user base of roughly 3 million, the 124 targeted accounts look meager.
As for how the attackers could have obtained the credentials, Hansson suspects collections of breached credentials, such as Collection #1.
“All of the unauthorized access was gained using the correct username and password for the account. It’s highly likely that these credentials were obtained from one of the big breaches, like those collected in combos like Collection #1, Anti Public, or Exploit.in.”
He advises users to take adequate security measures to keep their credentials secure. He recommends enabling two-factor authentication and using a password manager to ensure password security. He also suggests that users subscribe to a breach alert service such as HaveIBeenPwned to stay informed about breached credentials.
This report comes right after news of the DailyMotion credential stuffing attack surfaced online. That time too, the attack affected a limited number of accounts.