back to article Carbonite online backup accounts under password reuse attack

If you're a user of online backup service Carbonite, you're getting a new password. Don't make it one you've used somewhere before. Carbonite has released a statement telling users it's run a system-wide password reset in the face of a password-reuse attack. The company claims its own systems haven't been compromised, but if …

  1. gollux

    Totally, absolutely awesome. Steal their backups, hit them with a targeted attack while simultaneously burning their backups to the ground.

  2. Anonymous Coward
    Anonymous Coward


    The company claims its own systems haven't been compromised, but if a user ID/password combination was in a list from another large breach, the account would have been popped.

    Hack attempts and large breaches happen every day somewhere in the world, so why are Carbonite especially concerned in this case?

    The only thing that makes sense is that the referenced 'large breach' of someone else's server did reveal Carbonite usernames/passwords.

    1. Mark Allen

      Re: Puzzling

      It's all about the patterns. Clearly Carbonite were seeing multiple logins from a new range of IP Addresses. I'd assume that Carbonite keeps track of IP Addresses where the software is running. So if lots of accounts login from new IP Addresses - that would cause an alert. And if those addresses all come the same range - it has clearly trigged a full reset response.

      It shows the place it run by Engineers and not Marketing people.

      1. psychonaut

        Re: Puzzling

        agree. id also suspect that they know on average how many users log into the portal on any given timeframe. if there is a large spike, then they can be suspicious.

        they are handling it really well. (ive got 200 odd customers on carbonite)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019