Online Backup Firm Carbonite Tells Users To Change Their Passwords Now (grahamcluley.com) 35
Security reporter Graham Cluley writes:Online backup company Carbonite is the latest firm to have issued a warning that hackers are attempting to break into its users accounts, and are prompting all users to change their passwords as a result. An email has been sent to Carbonite users explaining that the attackers are thought to be using passwords gleaned from other recent mega-breaches. "Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised," the email reads. "To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information."Instructions to assist you with changing your password is here.
Re: (Score:3)
Carbonite is a thing that existed before Star Wars:
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
Of course not, but it still prevents it from being trademarked.
Re: (Score:2)
Perhaps you'd like to tell that to Apple?
Or, for that matter, one of the thousands of other companies that have trademarked specific representations of common, pre-existing, words.
If it wasn't already apparent, a word used as a trademark does not have to be a unique or original word, its representation does, so no, the existence of a carbonite explosive or a fictional means of 'freezing' an object inside a carbon block does not prevent a company creating a trademark using the word carbonite.
from the website (Score:3)
Re: (Score:3)
Rush Limbaugh told me to buy it because it was safe, so I did.
http://www.breitbart.com/big-journalism/2012/08/03/carbonite-ceo-concedes-dropping-rush-limbaugh-put-bigger-hole-in-our-revenue-than-previously-expected/
Re: (Score:3)
Try Spideroak. All files are encrypted on your end before they are uploaded, including metadata. Files are stored in encrypted archives so if someone hacks the server they can't even determine file sizes or names etc. Your password is not even stored by Spideroak, authentication is done by the client being able to decrypt the backup metadata it previously uploaded.
More sites should support unauthenticated access (Score:5, Insightful)
If there's one thing we should learn from these breaches it's that having to create an account to use a site is generally a dumb thing to do.
Yes, it's unavoidable in some cases, but in other cases there's no reason not to allow Anonymous Coward-style interaction, like Slashdot does.
As we can see from sites like Slashdot, Reddit, Hacker News, and Stack Overflow, supporting or forcing the use of accounts actually reduces the quality of the discussion. Everybody becomes concerned about protecting their "karma" or "points" or whatever they fuck the site calls them, and instead of getting real discussion we often get a pacified, pathetic discourse instead.
Accounts are typically one of the worst things that a web site can support.
Re: (Score:2, Informative)
Hi, same AC here. I thought a little bit about what I said and I have changed my mind, websites with accounts are great! Also, I like to eat my boogers.
Re: (Score:2)
mod up ^
Re: (Score:2)
With that many passwords getting hacked, why are you re-using the same password for everything?
With Passwords being hacked all the time, why aren't you changing your passwords on a regular basis (every quarter, semi-annually)?
With Passwords being exposed by all kinds of data breaches, and the power of Botnets, why are you NOT using two-factor authentication more?
Or is it because all of those things a matter of convenience (or inconvenient)? Might as well set it to the same thing as my luggage.
Re: (Score:3)
You're 100% right, and yet not.
Reset passwords only affects people who don't ever change their passwords. If a site asked me to change my password, I would. Then I would change it again every three months, just because they have semi-admitted they can't keep my passwords (and their service) safe.
GoToMyPC had a similar issue this weekend (Score:3)
They told everyone to reset their passwords and strongly encouraged 2-factor authentication.
online backup? (Score:1)
Re: (Score:3)
Sorry. You are simply wrong.
A service like carbonite or crashplan etc absolutely is a backup, and it is online.
The Tao of Backup fails to consider and manage risk.
The novice said: "I will save my working files, but not my system and application files, as they can be always be reinstalled from their distribution disks."
The master made no reply.
The next day, the novice's disk crashed. Three days later, the novice was still reinstalling software.
I'd say the novice made the right decision. For the average user. The cost of losing 2 days productivity is far cheaper than what the master proposes having in place just to avoid losing 2 days productivity.
Its not really a win if you spend $10,000 to gracefully avoid a $1000 loss.
Carbonite being slow? (Score:2)
I assume so many people doing resets at once, plus the attack itself is why Carbonite is being slow to respond today?
Don't store passwords (Score:1)
What about ISP monthly gigabyte quotas? (Score:2)
At least the first backup would easily blow through my monthly quota. Assuming that the backup algorithm used versioning (e.g. rsync), subsequent backups would be smaller.
Don't put anything important in the cloud (Score:2)
This is not the first such incident. See https://apple.slashdot.org/sto... [slashdot.org] about how easy it is to socially engineer your way into someone else's account. That's why I do not want anything vital "in the cloud"...
* because people can get at your data on the cloud
* GM can shut down your car from the cloud via Onstar
* California now demands that phones "reported stolen" be shut down from the cloud
etc, etc.