Carbonite online backup accounts under password reuse attack
System-wide reset to block miscreants with account lists
If you're a user of online backup service Carbonite, you're getting a new password. Don't make it one you've used somewhere before.
Carbonite has released a statement telling users it's run a system-wide password reset in the face of a password-reuse attack.
The company claims its own systems haven't been compromised, but if a user ID/password combination was in a list from another large breach, the account would have been popped.
"While we will continue to monitor and investigate the matter, we have determined that usernames and passwords are involved. Additionally, for some accounts, other personal information may have been exposed," the statement notes.
Carbonite hasn't yet imposed two-factor authentication as a default, but it does "strongly encourage" its customers to use 2FA.
As a proactive safety measure, we’re asking customers to change passwords here: https://t.co/i23Jud3w7f More info https://t.co/qkqE3CXOoq
— Carbonite (@Carbonite) June 21, 2016
This month alone, miscreants with user/password lists have made life hell for TeamViewer and GoToMyPC.
TeamViewer suffered criticism when it wasn't sufficiently diplomatic about users choosing weak or re-used passwords, calling such people "careless" – until it turned out they were very special snowflakes indeed.
There's no doubt that other services will be in the firing line for password reuse attacks, so now's a good time to get rid of all your duplicate passwords. ®