AdGuard resets all user passwords after credential stuffing attack

Attackers gained access to some AdGuard accounts but company can't tell how many.
Written by Catalin Cimpanu, Contributor

AdGuard, a popular ad blocker for Android, iOS, Windows, and Mac, has reset all user passwords, the company's CTO Andrey Meshkov announced today.

The company took this decision after suffering a brute-force attack during which an unknown attacker tried to log into user accounts by guessing their passwords.

Meshkov said the attacker used emails and passwords that were previously leaked into the public domain after breaches at other companies.

This type of attack, using leaked usernames and passwords to hack into accounts at other services, is known as credential stuffing.

The AdGuard CTO said attackers were successful in their assault and gained access to some AdGuard accounts, which are used for storing ad blocker settings.

"We don't know what accounts exactly were accessed by the attackers," Meshkov said. "All passwords stored in AdGuard database are encrypted so we cannot check whether any of them is present in the known leaked database. That's why we decided to reset passwords of all users."

The company says it has integrated the Have I Been Pwned API into its existing infrastructure so that when users set a new password, the AdGuard system will warn them if they're using a password leaked at other services.
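One way a set-password check against Have I Been Pwned can work, using the Pwned Passwords range API. This is an added example, not AdGuard's code or part of the original article, which does not say which endpoint AdGuard calls. The function names, the User-Agent string and the sample response are constructed for illustration.

```python
import hashlib
import urllib.request

# Public Pwned Passwords range endpoint (k-anonymity model).
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def split_hash(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(suffix, range_body):
    """Look up our suffix in a range response made of 'SUFFIX:COUNT' lines."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padded entries carry a count of 0
    return 0

def fetch_range_http(prefix):
    """Live lookup: only the 5-character prefix ever leaves the server."""
    req = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "example-signup-check", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")

def check_new_password(password, fetch_range=fetch_range_http):
    """Return how often the password appears in known breaches (0 = not found)."""
    prefix, suffix = split_hash(password)
    return breach_count(suffix, fetch_range(prefix))

def constructed_fetch(prefix):
    """Offline stand-in for the API. The body and counts are constructed sample data."""
    known_prefix, known_suffix = split_hash("password")
    lines = ["0" * 35 + ":3", "F" * 35 + ":0"]  # decoy and padding-style entries
    if prefix == known_prefix:
        lines.insert(1, known_suffix + ":12345")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("password", "kX9#vTq2!mLw8zRb"):
        hits = check_new_password(candidate, constructed_fetch)
        print(candidate, "-> reject, seen in breaches" if hits else "-> not in sample data")
```

Because the comparison against the returned suffixes happens locally, neither the password nor its full hash is sent to the third-party service.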

Meshkov said AdGuard now also uses stricter rules for choosing passwords, and they also intend to support two-factor authentication in the future.

The AdGuard exec also revealed that the company found out about the attack after its rate-limiting systems detected the numerous failed login attempts during the password guessing phase of the attack.

Most of the attacks were stopped, but some were successful, which usually tends to happen when attackers get lucky and guess the proper combination during the first login attempts.

It is unclear what the attackers were attempting to do with such low-value accounts.
