Carbonite announced a forced password reset after the online backup provider discovered attackers attempting to access its user accounts. The password reset follows the discovery of approximately 713 million email credentials for sale on the Dark Web last month.
There is no evidence that Carbonite was hacked, the online backup company stated. Third-party attackers appear to have used email addresses and passwords “obtained from other companies that were previously attacked,” Carbonite said in a statement on Tuesday. “The attackers then tried to use the stolen information to access Carbonite accounts.”
The login credentials were obtained from separate breaches at LinkedIn, MySpace, Tumblr, and VK, most of which are believed to have occurred in 2012 and 2013. Two individuals from Russia have separately claimed responsibility for publishing the login credentials. The two Russians, who use the pseudonyms “Peace” and “Tessa88,” do not have kind words for each other. They both claim that the other was not involved in hacking the companies, according to a Motherboard report.
It is “highly doubtful” that either Peace or Tessa are behind the breaches, a security professional told SCMagazine.com. “Millions of passwords” are dumped onto repositories like Pastebin, said Dominique Davis, CEO of Red Cell Infosec.
In an ironic twist, Davis said one of the cybercriminals may have been exposed in a data dump. Login credentials used by Minecraft players were posted on Pastebin in December and one of the hacked accounts used the password ‘tessa88'. The unique password selection “may indicate a close connection to Tessa88,” he said.