AdGuard Reset User Passwords After Enduring Credential Stuffing Attacks
(Sep 24, 2018)
Ad-blocking software company AdGuard reported that it had recently suffered a credential stuffing attack and issued a password reset to all users for all accounts. The company noticed repeated login attempts from suspicious IP addresses belonging to a variety of servers worldwide, using login credentials that it suspects came from past data breaches at other companies. As of this writing, the unknown threat actors are believed to have gained access to a handful of accounts whose owners used the same password on other sites. AdGuard issued a total account-wide password reset, but states that no internal servers or data were compromised.
Recommendation: It is important that your company, employees, and customers use a different password for each account. As this story illustrates, previous breaches can allow actors to gain access to other accounts because users frequently reuse the same username and password combinations across multiple accounts.
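The login pattern described in the story (many attempts from a source address against many different accounts, mostly failing, with an occasional success) can be searched for in authentication logs. The following is an added example, not AdGuard's or the original page's code; the event format, function name, sample data and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample login events (source IP, username, outcome); not real data.
SAMPLE_EVENTS = [
    ("203.0.113.10", "alice", "fail"),
    ("203.0.113.10", "bob", "fail"),
    ("203.0.113.10", "carol", "success"),   # reused password matched a breached pair
    ("203.0.113.10", "dave", "fail"),
    ("198.51.100.7", "erin", "fail"),
    ("198.51.100.7", "frank", "fail"),
    ("198.51.100.7", "grace", "fail"),
    ("192.0.2.44", "heidi", "fail"),        # one user mistyping a password
    ("192.0.2.44", "heidi", "success"),
    ("192.0.2.80", "ivan", "success"),      # shared office address, normal logins
    ("192.0.2.80", "judy", "success"),
    ("192.0.2.80", "ken", "success"),
]


def detect_credential_stuffing(events, min_users=3, min_fail_ratio=0.5):
    """Return (suspect_ips, at_risk_accounts).

    A source is suspect when it tried at least `min_users` distinct usernames
    and at least `min_fail_ratio` of its attempts failed. Any account that
    logged in successfully from a suspect source is a password-reset candidate.
    Both thresholds are illustrative assumptions, not vendor guidance.
    """
    users = defaultdict(set)      # ip -> distinct usernames attempted
    total = defaultdict(int)      # ip -> number of attempts
    fails = defaultdict(int)      # ip -> number of failed attempts
    wins = defaultdict(set)       # ip -> usernames that logged in successfully
    for ip, user, outcome in events:
        users[ip].add(user)
        total[ip] += 1
        if outcome == "fail":
            fails[ip] += 1
        else:
            wins[ip].add(user)
    suspect = sorted(
        ip for ip in users
        if len(users[ip]) >= min_users and fails[ip] / total[ip] >= min_fail_ratio
    )
    at_risk = sorted({user for ip in suspect for user in wins[ip]})
    return suspect, at_risk


if __name__ == "__main__":
    ips, accounts = detect_credential_stuffing(SAMPLE_EVENTS)
    print("suspect sources:", ips)
    print("accounts to reset and review:", accounts)
```

Because the attempts in this story came from many servers, each source may stay under a high per-address threshold, so the distinct-username count per source is the more telling signal than raw attempt volume.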