AdGuard, a popular ad blocker for Android, iOS, Windows and Mac, resets all user passwords, it announced today its CTO companyAndrey Meshkov.
The company took this decision when it received a brute-force attack in which an attacker tried to connect to user accounts, guessing passwords.
Meshkov said the attacker managed to gain access to certain user accounts by using names and passwords that had leaked after violations in other companies.
AdGuard's CTO said:
Δεν γνωρίζουμε σε ποιοι λογαριασμοί παραβιάστηκαν. Όλοι οι passwords που είναι αποθηκευμένοι στη βάση data of AdGuard are encrypted, so we can't check if there are any leaked from another database. That's why we decided to reset all users' passwords.
The company states that uses το API του “Have I Be Pwned”, ούτως ώστε αν κάποιος codehas been leaked, the AdGuard system will warn the user using it.
Meshkov also announced that AdGuard will use stricter rules for choosing passwords and that they plan to add verification identity two factors sometime in the future.