“A proper mitigation must provide account takeover solutions such as detection of stolen passwords usage, detection of automated tools (bots) and detection of account access from malicious device.” “Sadly, most sites lack the proper security measures to stop these attacks,” he concluded. These types of attack also place an “intense load” on the authentication server of the attacked site, and can severely disrupt operations by leading to users being locked out of their accounts if safety procedures kick in, Avital added. “There are plenty of tools out there, including advanced ones that can mask the attacker’s identity through TOR, rotating the user-agent string and more.” “The popularity of this attack is on the rise since it is fairly simple it requires minimal resources from the attacker and there are lots of leaked credentials to work with,” he argued. The incident underscores the importance of users avoiding password reuse, as it improves success rates for brute force attacks, according to Imperva security researcher, Nadav Avital. In response, the firm said it had put a banner on its homepage alerting users of the changes and posted the same message to social media channels. However, users were quick to complain in the comments section that the password reset email still appeared dubious. To help customers spot phishing emails, Carbonite urged them to check the sender’s email address is It added that the URL if they click through should be and that it won’t request them to download or execute any executables. It also suggested they reset any passwords used for other online services if they are the same or similar to the ones used for Carbonite. User names, passwords and, for some accounts, personal information, appears to have been involved, Carbonite continued.Īs a result, the firm said users will receive an email in the next few days asking them to reset passwords, which it recommended be strong and use unique credentials. The attackers then tried to use the stolen information to access Carbonite accounts.” “This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The firm moved quickly to reassure customers that its own systems had not been compromised, adding: TLDR: I'm a single user with a single PC and multiple hard drives.Online back-up company Carbonite has warned customers it’s resetting all user log-ins after discovering a number of unauthorized attempts to access accounts via potentially compromised and reused credentials. I'm going to finish this days-long restoration process and then wipe Carbonite from my life. I've reset my password 7 times today- all using the same password my browser auto-input.Īt this point, I'm done with Carbonite. I have to email a reset password link, enter security questions, and make a new password. Every time I'm kicked out, Carbonite won't accept my password. To avoid this, you have to diligently babysit the site. If the Carbonite website kicks you out while downloading files, you will continue downloading zips but they corrupt upon completion. You have 60 seconds to select "yes" or it kicks you out. Maybe 20% of the time?Įvery 8 min 40 seconds, the website asks if you want to continue. Often, downloading from the website fails and you get a corrupted zip. and the website also caps downloads at 0.5 mbps.įile downloads from the website are limited to 10GB or 5000 files, meaning a single project is often broken into several zip-downloads. Selecting "choose which files to restore" on the desktop app takes me to the website, where I can see all my other HDDs and files. I had to recover files twice, because the first one didn't send my files anywhere although it spit out a "complete" message. In Carbonite's windows app, when I select "recover all files" only 2 of the 6 hard drives are visible.įile recovery moves at 0.5 mbps, meaning the 103 GB of data on my C drive took over 48 hours. Good thing I have everything backed up, right? Now I just need to get this off my chest: My PC was recently stolen while moving into a new house. Based on reddit posts, other people seem to think it's bad too. So while I only have one PC backed up, I have several hard drives with multiple terabytes of data backed up to Carbonite. I'm a digital artist who never deletes his work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |