carbonite logo

Commonly searched topics:

backupcloud backupaccount sign in

Article · Jun 21, 2016

Carbonite Accounts Targeted In Password Reuse Attack

Carbonite Accounts Targeted In Password Reuse Attack

Color illustration of a laptop screen displaying hidden password.

**Customers - see below to find out what you should know and visit our Knowledge Base for instructions on how to reset your password.**

 

What Happened

As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts.

Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised.

What Information Was Involved

While we will continue to monitor and investigate the matter, we have determined that usernames and passwords are involved. Additionally, for some accounts, other personal information may have been exposed.

What We Are Doing

To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information. All Carbonite users will receive an email with instructions to reset their passwords. These emails will arrive in your inbox over the course of the day and evening. Our Customer Care team is standing by to assist anyone who needs additional help. This activity in no way affects existing or scheduled backups. Files are still being safely backed up.

In addition to our existing monitoring practices, we will be rolling out additional security measures to protect your account, including increased security review and two-factor authentication [which we strongly encourage all customers to use].

What Carbonite Customers Should Do

Look for an email from Carbonite with instructions for resetting your password. We highly recommend all customers use “strong” unique passwords for Carbonite and all online accounts. Learn more about strong passwords at www.carbonite.com/safety. If you use the same or similar passwords on other online services, we recommend that you set new passwords on those accounts as well.

Is the email you received legitimate?
Yes. Carbonite sent an email to all customers an email asking them to reset their passwords.

How to tell if the email you received is legitimate:

  • Don’t trust the sender nickname. Check the sending email address. We sent from carbonite@cloud.carbonite.com. Don’t trust an email from anything else.
  • Our Reset Your Password button brings you to a Carbonite page. Check to make sure the URL is account.carbonite.com and that it has a green lock.
  • Don’t download and run anything. Our password reset runs in your browser so don’t download and run any executables as they may be malicious.

What can you do if the password reset link isn’t working?

For More Information

If you have questions or concerns, please contact Carbonite Customer Care.

Author

Carbonite

News and views from the Carbonite team.

Related content