Carbonite has disabled all customer passwords and is sending emails which contain a link for password resent. Of course this seems asinine in the age of phishing attacks. Yet the
carbonite.com says this is what they're doing, as does their Twitter account, @Carbonite. Obviously people are reluctant to click on the link.
From the website:
What Happened
As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts.
Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised.
What Information Was Involved
While we will continue to monitor and investigate the matter, we have determined that usernames and passwords are involved. Additionally, for some accounts, other personal information may have been exposed.
What We Are Doing
To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information. All Carbonite users will receive an email with instructions to reset their passwords. These emails will arrive in your inbox over the course of the day and evening. Our Customer Care team is standing by to assist anyone who needs additional help. This activity in no way affects existing or scheduled backups. Files are still being safely backed up.
In addition to our existing monitoring practices, we will be rolling out additional security measures to protect your account, including increased security review and two-factor authentication [which we strongly encourage all customers to use].
What Carbonite Customers Should Do
Look for an email from Carbonite with instructions for resetting your password. We highly recommend all customers use “strong” unique passwords for Carbonite and all online accounts. Learn more about strong passwords at
www.carbonite.com/safety. If you use the same or similar passwords on other online services, we recommend that you set new passwords on those accounts as well.
For More Information
If you have questions or concerns, please contact Carbonite Customer Care.