Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Data Storage

Online Backup Firm Carbonite Tells Users To Change Their Passwords Now (grahamcluley.com) 35

Security reporter Graham Cluley writes:Online backup company Carbonite is the latest firm to have issued a warning that hackers are attempting to break into its users accounts, and are prompting all users to change their passwords as a result. An email has been sent to Carbonite users explaining that the attackers are thought to be using passwords gleaned from other recent mega-breaches. "Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised," the email reads. "To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information."Instructions to assist you with changing your password is here.
This discussion has been archived. No new comments can be posted.

Online Backup Firm Carbonite Tells Users To Change Their Passwords Now

Comments Filter:
  • by turkeydance ( 1266624 ) on Tuesday June 21, 2016 @04:33PM (#52362447)
    "Carbonite Personal online backup protects your most important digital assets, automatically and continuously." see? don't have to worry about hacked passwords.
    • >> see? don't have to worry about hacked passwords

      Rush Limbaugh told me to buy it because it was safe, so I did.
      http://www.breitbart.com/big-journalism/2012/08/03/carbonite-ceo-concedes-dropping-rush-limbaugh-put-bigger-hole-in-our-revenue-than-previously-expected/
    • by AmiMoJo ( 196126 )

      Try Spideroak. All files are encrypted on your end before they are uploaded, including metadata. Files are stored in encrypted archives so if someone hacks the server they can't even determine file sizes or names etc. Your password is not even stored by Spideroak, authentication is done by the client being able to decrypt the backup metadata it previously uploaded.

  • by Anonymous Coward on Tuesday June 21, 2016 @04:33PM (#52362449)

    If there's one thing we should learn from these breaches it's that having to create an account to use a site is generally a dumb thing to do.

    Yes, it's unavoidable in some cases, but in other cases there's no reason not to allow Anonymous Coward-style interaction, like Slashdot does.

    As we can see from sites like Slashdot, Reddit, Hacker News, and Stack Overflow, supporting or forcing the use of accounts actually reduces the quality of the discussion. Everybody becomes concerned about protecting their "karma" or "points" or whatever they fuck the site calls them, and instead of getting real discussion we often get a pacified, pathetic discourse instead.

    Accounts are typically one of the worst things that a web site can support.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Hi, same AC here. I thought a little bit about what I said and I have changed my mind, websites with accounts are great! Also, I like to eat my boogers.

  • by no1nose ( 993082 ) on Tuesday June 21, 2016 @04:56PM (#52362579)

    They told everyone to reset their passwords and strongly encouraged 2-factor authentication.

  • There is no such thing as online backup. By definition backup must not be online. Physical presence and offline media is required. http://www.taobackup.com/ [taobackup.com]
    • by vux984 ( 928602 )

      Sorry. You are simply wrong.

      A service like carbonite or crashplan etc absolutely is a backup, and it is online.

      The Tao of Backup fails to consider and manage risk.

      The novice said: "I will save my working files, but not my system and application files, as they can be always be reinstalled from their distribution disks."

      The master made no reply.

      The next day, the novice's disk crashed. Three days later, the novice was still reinstalling software.

      I'd say the novice made the right decision. For the average user. The cost of losing 2 days productivity is far cheaper than what the master proposes having in place just to avoid losing 2 days productivity.

      Its not really a win if you spend $10,000 to gracefully avoid a $1000 loss.

  • I assume so many people doing resets at once, plus the attack itself is why Carbonite is being slow to respond today?

  • Websites should not store users' passwords. It's completely unnecessary. Instead, the registration and login web pages offered by the website should compute a hash of the user's chosen password using JavaScript embedded in the page. This hash should be sent to the web server, which must then store it. If the web server is subsequently hacked, the hackers get hashes of passwords rather than the original passwords. There's no way to recover the original password from its hash. So even if each website us
  • At least the first backup would easily blow through my monthly quota. Assuming that the backup algorithm used versioning (e.g. rsync), subsequent backups would be smaller.

  • This is not the first such incident. See https://apple.slashdot.org/sto... [slashdot.org] about how easy it is to socially engineer your way into someone else's account. That's why I do not want anything vital "in the cloud"...

    * because people can get at your data on the cloud
    * GM can shut down your car from the cloud via Onstar
    * California now demands that phones "reported stolen" be shut down from the cloud

    etc, etc.

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...