Carbonite

Carbonite

Carbonite, a provider of online computer and server backup services suffered a password reuse attack in which some users’ credentials, obtained elsewhere, were used to obtain user data.

The company notified its more than 1.5 million individual and small business customers and forced them to password reset.

The attack was a result of a third-party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked.

Source: https://www.databreaches.net/carbonite-forces-password-reset-after-password-reuse-attack/

TPRM report: https://scoringcyber.rankiteo.com/company/carbonite

"id": "car1914123",
"linkid": "carbonite",
"type": "Breach",
"date": "06/2016",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '1.5 million',
                        'industry': 'Technology',
                        'name': 'Carbonite',
                        'size': 'More than 1.5 million customers',
                        'type': 'Service Provider'}],
 'attack_vector': 'Compromised Credentials',
 'data_breach': {'type_of_data_compromised': 'User Credentials'},
 'description': 'Carbonite, a provider of online computer and server backup '
                'services, suffered a password reuse attack in which some '
                'users’ credentials, obtained elsewhere, were used to obtain '
                'user data. The company notified its more than 1.5 million '
                'individual and small business customers and forced them to '
                'password reset. The attack was a result of a third-party '
                'attacker using compromised email addresses and passwords '
                'obtained from other companies that were previously attacked.',
 'impact': {'data_compromised': 'User Data'},
 'motivation': 'Data Theft',
 'post_incident_analysis': {'corrective_actions': 'Forced password reset',
                            'root_causes': 'Password Reuse'},
 'response': {'communication_strategy': 'Customer notification',
              'containment_measures': 'Forced password reset'},
 'threat_actor': 'Third-party attacker',
 'title': 'Password Reuse Attack on Carbonite',
 'type': 'Password Reuse Attack',
 'vulnerability_exploited': 'Password Reuse'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.