[Info] ADGUARD has run into a problem

Author: Feishawn (亞魚兒)   2018-09-21 05:36:46
AdGuard Security Notice
20 SEPTEMBER 2018 on AdGuard News
We have detected an attack towards AdGuard servers. Attackers used one of the
databases of leaked accounts that are available online and checked whether
the email/password data fit to access AdGuard account. We believe that
attackers were able to access some of the accounts.
What happened?
Today we detected continuous attempts to login to AdGuard accounts from
suspicious IP addresses which belong to various servers across the globe.
These attempts were stopped by a rate limiter which is an obvious measure
against bruteforcing users' passwords.
However, rate limiting is not enough when the attacker already knows what
password to use. Unfortunately, this seems to be the case. The pairs of
email/password used by intruders belong to known databases of leaked accounts.
Where do these leaked databases come from? There were numerous data breaches
where data is inadvertently exposed in a vulnerable system, usually due to
insufficient access controls or security weaknesses in the software. Some
notable examples are breaches of Yahoo, Adobe, VK and many more.
What we did to protect you
As a precautionary measure, we have reset passwords to all AdGuard accounts.
We have now set stricter requirements for AdGuard account passwords.
We have connected to HaveIBeenPwned API — a website that collects data about
all known compromised passwords. If the password that you are entering is
found in the database of leaked ones, you will see a warning.
Is your account compromised?
We don't know what accounts exactly were accessed by the attackers. All
passwords stored in AdGuard database are encrypted so we cannot check whether
any of them is present in the known leaked database. That's why we decided to
reset passwords of all users.
Just in case, you can check out haveibeenpwned.com and see for yourself if
your data was leaked in any of the known data breaches.
Note that your license keys are safe as long as they are bound to devices
that you use them on, and nothing bad can happen to these keys. You can
continue to manage them via your personal account.
Got it, what shall I do?
You need to set a new password. As we said, we have reset passwords of all
users, therefore, to regain access to your account, you need to click on this
link and follow the instructions to create a new password.
We apologize for the inconvenience, but you know that we care about our users
and their data privacy and had to promptly take action. Thank you for
understanding!
Future measures
After this accident we strongly considered introducing the two-factor
authentication. We physically can't implement it in one day, but this will be
our next step and we will let you know about it as soon as it's done.
https://goo.gl/z14x42
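I received an email notification earlier and at first wasn't sure whether it was genuine.
After a while, once the blog had been updated, I was sure it was probably right.
Quite a few people mentioned this app when someone on the board asked about ad-removal apps earlier,
so a fair number of people have probably installed it.
In short, the servers were attacked and some accounts were leaked.
The vendor went ahead and reset all passwords.
If you bought the full version, remember to change your password.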
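
The notice says new passwords are now checked against HaveIBeenPwned's list of leaked passwords. The sketch below is an added example, not part of the original post and not AdGuard's code; it assumes the Pwned Passwords range endpoint (`https://api.pwnedpasswords.com/range/<prefix>`), which the notice does not name, and runs offline against a constructed response whose function names and counts are hypothetical.

```python
import hashlib

# Constructed sample of a range response for SHA-1 prefix 5BAA6. Each line is
# "SUFFIX:COUNT" (35 hex chars, colon, occurrence count); the counts are made up.
SAMPLE_RANGE_5BAA6 = (
    f"{'A' * 35}:12\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"  # suffix of SHA-1("password")
    f"{'0' * 35}:0\r\n"                                 # zero-count filler entry
)

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into a dict, skipping malformed lines."""
    out = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().upper().partition(":")
        hex_ok = len(suffix) == 35 and all(c in "0123456789ABCDEF" for c in suffix)
        if sep and hex_ok and count.isdigit():
            out[suffix] = int(count)
    return out

def breach_count(password, fetch_range):
    """Send only the first 5 hex chars of the hash; match the rest locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def offline_fetch(prefix):
    # Stand-in for an HTTPS GET of the range endpoint (assumption, see lead-in).
    return SAMPLE_RANGE_5BAA6 if prefix == "5BAA6" else ""

def check_new_password(password, fetch_range=offline_fetch, threshold=1):
    """Return a warning string for a leaked password, or None if not listed."""
    n = breach_count(password, fetch_range)
    if n >= threshold:
        return f"warning: this password appears {n} times in known leaks"
    return None
```

Because only the 5-character hash prefix is sent to the lookup function, the service performing the lookup never receives the password or its full hash.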
