AdGuard, a popular ad blocker for Android, iOS, Windows and Mac, resets all user passwords, it announced today the CTO of Andrey Meshkov.
Meshkov said the attacker managed to gain access to certain user accounts by using names and passwords that had leaked after violations in other companies.
AdGuard's CTO said:
We do not know in which accounts they were violated. All passwords stored in the AdGuard database are encrypted, so we can not check if there are any leaks from another database. That's why we decided to reset all users' passwords.
The company says it uses the "Have I Be Pwned" API, so if a password is leaked, the AdGuard system will alert the user who uses it.
Meshkov also announced that AdGuard will use stricter rules for password selection and that they intend to add two-factor authentication sometime in the future.