AdGuard resets all user passwords after credential stuffing attack

AdGuard, a popular ad blocker for Android, iOS, Windows, and Mac, has reset all user passwords, the company’s CTO Andrey Meshkov announced today.

The company took this decision after suffering a brute-force attack during which an unknown attacker tried to log into user accounts by guessing their passwords.

Meshkov said the attacker used emails and passwords that were previously leaked into the public domain after breaches at other companies.

This type of attack –using leaked usernames and passwords to hack into accounts at other services– is known as credential stuffing.

Also: Zaif cryptocurrency exchange loses $60 million in recent hack

The AdGuard CTO said attackers were successful in their assault and gained access to some AdGuard accounts, used for storing ad blocker settings.

“We don’t know what accounts exactly were accessed by the attackers,” Meshkov said. “All passwords stored in AdGuard database are encrypted so we cannot check whether any of them is present in the known leaked database. That’s why we decided to reset passwords of all users.”

The company says it implemented the Have I Been Pwned API into their existing infrastructure so that when users will configure a new password, the AdGuard system will warn them if they’re using passwords leaked at other services.

Meshkov said AdGuard now also uses stricter rules for choosing passwords, and they also intend to support two-factor authentication in the future.

CNET: Equifax just took another hit from that 2017 hack

The AdGuard exec also revealed that the company found out about the attack after its rate-limiting systems detected the numerous failed login attempts during the password guessing phase of the attack.

Most of the attacks were stopped, but some were successful, which usually tends to happen when attackers get lucky and guess the proper combination during the first login attempts.

It is unclear what the attackers were attempting to do with such low-value accounts.

Related coverage:

READ MORE HERE