- The company detected continuous login attempts to AdGuard accounts from various suspicious IP addresses.
- The attackers obtained emails and passwords from previously compromised and leaked databases to conduct the attack.
Popular ad blocker AdGuard, which fucntions on Android, iOS, Windows and Mac devices, reset the passwords of each of its users after falling victim to a brute-force attack. The decided to reset user passwords after it detected continuous login attempts to AdGuard accounts from various suspicious IP addresses, belonging to various computers across the globe.
AdGuard initially stopped the attacks by a rate limiter - a security measure that detects malicious login attempts using different passwords. Unfortunately however, this did not work out.
“Rate limiting is not enough when an attacker already knows what password to use. Unfortunately, this seems to be the case. The pairs of email/password used by intruders belong to known databases of leaked accounts,” AdGuard said in a statement.
The company stated that the attackers used emails and passwords from previously compromised and leaked databases.
“Attackers used one of the databases of leaked accounts that is available online and checked whether the email/password data could access AdGuard accounts. We believe that attackers were able to access some of the accounts,” said the company. “All passwords stored in AdGuard database are encrypted so we cannot check whether any of them is present in the known leaked database. That’s why we decided to reset passwords of all users.”
AdGuard said that it has connected to the ‘Have I Been Pwned’ website into their existing infrastructure. This will help users can check whether their data was leaked in any of the recent breaches.
As a security measure, the firm requested its users to reset passwords to all AdGuard accounts. The company is also strongly considering introducing two-factor authentication to enhance protection for its user accounts.