Online backup company Carbonite is the latest firm to have issued a warning that hackers are attempting to break into its users accounts, and are prompting all users to change their passwords as a result.
An email has been sent to Carbonite users explaining that the attackers are thought to be using passwords gleaned from other recent mega-breaches.
Part of the email reads as follows:
As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts.
Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised.
To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information.
Nobody is keen for a hacker to break into their online accounts, but it’s especially important when what’s being protected by your account is your computer backup. If a hacker were able to gain access to your online backup they could – in theory – make a copy of every file on your hard drive, including those you may have thought were erased long ago.
There are instructions in the Carbonite knowledgebase explaining how users can change their passwords.
But don’t stop there. Once you’ve changed your Carbonite password, you should also ensure that you have created new passwords for any *other* site where you might be reusing the same passwords.
Your best defence to protect against password reuse attacks is so simple it beggars belief that more people don’t deploy it: stop reusing passwords. Always use different passwords for different websites.
And if you think that your puny human brain can’t remember lots of different, hard-to-crack passwords then you’re in the same boat as me. Get a password manager to do the job for you.
The company says that it will be rolling out additional security measures to protect accounts, including two-factor authentication (2FA).
There are a lot of web services that already offer two-step verification (2SV) or two-factor authentication to help users harden their accounts.
Here are some links which will help you better protect yourself online.
Read more about 2SV
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.