Carbonite Forces Password Reset After Password Reuse Attack

According to Responsible Computer Solutions LLC, Carbonite, Inc., a provider of online computer and server backup services, notified its more than 1.5 million individual and small business customers that they were forcing a password reset.  

The reset, announced on June 24, 2016, was implemented after the firm discovered that some users’ credentials, obtained elsewhere, were being used to try to obtain user data: “As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts.”

The firm emphasized that, “Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised.“
 
So no actual data was hacked?
This time, no. Next time, who knows?
This type of attack is referred to a Password Reuse attack. Basically, the attacker preys on weak passwords and even weaker security on other websites that require a user name and password. Unfortunately, most people use the same password everywhere, and once a hacker has your password from one site they will attempt to use it at every site. … in this case they attempted Carbonite, albeit unsuccessfully. (or so they claim)
 
One of the fundamental differences with us and the large volume, discount backup providers is the lack of personal attention. at Responsible Backup we personally get to know our clients and keep there passwords highly complex and encrypted. You and your business data are not just an username and password, waiting to be compromised.
 
So how does Responsible Backup protect from this type of attack?
When you sign up with Responsible Backup it’s not just an account, it’s a partnership. You have entrusted us to safeguard your critical business data, and we take this task very seriously. I can go on, and on about the encryption, and redundancy we provide but in this case it’s really simple. You don’t choose a user name and password. We choose a highly complex password and encrypt it, along with all of your other user information. Think of Responsible Backup like your own personal BC and DR team. We consult with you on the best solutions to keep your business up and running through any potential disaster, and when that day comes (or just an accidentally deleted a file) all you have to do is call. We’ll be there, with your data. No passwords needed.