Carbonite, an online cloud backup firm is forcing all of its users, totaling to some 1.5 million, to reset their passwords after detecting some user accounts being targeted in a password reuse attack.
Carbonite has revealed that hackers were attempting to break into user accounts using passwords from a spate of recent leaks from breaches such as those affecting LinkedIn, TeamViewer, Tumblr and more.
For some accounts, personal information “may” have been compromised and exposed, Carbonite stated in its blog .
The forced password reset is also falling in line with other companies and websites issuing the same mandate for its users, including the likes of TeamViewer, iMesh and Twitter.
Deemed a “password reuse attack”, opportunistic malicious hackers and cybercrooks tend to comb databases leaked from breaches, attempting to use leaked user credentials on other websites such as Carbonite, even though the latter’s security infrastructure is intact. These incidents are precisely why security experts insist that users do not reuse the same passwords on different websites.
“Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised,” the cloud backup service added.
Affected customers include Mac and Windows Carbonite Personal users, as well as Carbonite Pro customers, in addition to MailStore and Carbonite Server Backup users.
A statement on its blog post read:
To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information. All Carbonite users will receive an email with instructions to reset their passwords.
Meanwhile, the firm is urging users to check for the originating email address of the password reset in an effort to dissuade their customers from falling pretty to phishing emails.
Carbonite users are urged to ensure that the password reset email is coming in from carbonite[@]cloud.carbonite.com.