User accounts belonging belonging to the popular AdGuard ad blocker have been hacked by an unknown hacker or criminal collective. The incident has prompted the company behind it to issue a mandatory password reset on all user accounts in order to prevent abuse. This affects users of all operating systems: Android, iOS, Windows and Mac.
Adguard Ad Blocker Accounts Hacked by Unknown Hackers
The AdGuard ad blocker servers have been infiltrated by an unknown hacker or criminal collective. The company behind it announced the incident stating that the reason for this was a brute-force attack on individual user accounts. This happened via a bulk action, possibly via a script or a specially designed modular framework. According to the company the hackers were in possession of email and password combinations that were previously leaked publicly after previous account breaches from other companies. The users that did have not changed their account credentials will be affected. AdGuard announced that they do not have information about the number of infected account holders due to the fact that all extensions are encrypted in the database servers.
The Have I Been Pwned API has been implemented by the security team which means that all users will need to set up a new password. This system will automatically alert the users if their email/username and password were previously used by another site that has been leaked. Stricter rules for passwords have been placed which should instruct the account holders on setting up strings that should not be picked easily via dictionary or brute force attacks. In addition AdGuard will support two-factor authentication in the future.
The mechanism used to detect the infiltration attempts was by using a rate-limiting system. It detected an unusually long sequence of failed login attempts which alerted the security personnel. At this time the hackers were blocked from accessing the servers further however a portion of the user accounts have probably been overtaken. At this point it is not known what is the exact purpose of the identities. They may be used to plan identity theft attacks or social engineering attacks.
UPDATE! AdGuard has reached out to us confirming that their extension were not hacked. Their statement to us shows that the intruders tried to attack AdGuard servers by credential stuffing (meaning they used leaked databases of some emails/passwords from the Internet to try to login to accounts of AdGuard users). All paswords have been reset, the users will need to set new ones according to the company’s policy.
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: