After detecting an attack toward its servers last week, ad blocker AdGuard reset all users’ passwords. The company has 5 million users worldwide. AdGuard assured users that the company’s servers were not compromised, so the resetting of passwords was mostly a preventative measure. The company has since set stricter password requirements, and they have connected to HaveIBeenPwned API, a website that gathers data about all known compromised passwords. If a user tries a password found in this database, the user will receive a warning.

AdGuard detected repeated login attempts to AdGuard accounts from suspicious IP addresses from different services around the world.

“These attempts were stopped by a rate limiter which is an obvious measure against bruteforcing users’ passwords,” explained AdGuard. “However, rate limiting is not enough when attacker already knows what password to use. Unfortunately, this seems to be the case. The pairs of email/password used by intruders belong to known databases of leaked accounts.”

AdGuard said it doesn’t know exactly which accounts were accessed by hackers, and the passwords are encrypted so they cannot check to see which ones are in the known, leaked database. The company believes that no more than a few hundred accounts were accessed. All users will need to create a new password.

“We apologize for the inconvenience, but you know that we care about our users and their data privacy and had to promptly take action. Thank you for your understanding,” said Andrey Meshkov, co-founder and CTO of AdGuard, a September 20 blog post. “After this accident, we strong considered introducing the two-factor authentication. We physically can’t implement it in one day, but this will be our next step and we will let you know about it as soon as it’s done.”

The hack came one day after AdGuard released Android v2.12, including CoreLibs, a cross-platform filtering engine. This will increase performance and lower CPU consumption. The new version also includes Sentry, which will automatically send crash reports to developers along with the information they need to fix the problem. The app will have better communications functionality, automation settings and long tap shortchuts.

Insider Take:

We have written about data breaches and hacking issues before, but this is different than the standard data breach. In this case, AdGuard stopped the cyberattack before much damage was done. They took a proactive measure to prevent additional problems and are working on two-step authentication to further protect their users’ data. Most of the data breaches we hear about involve thousands – even millions – of affected users, so this was a small scale breach but serious nonetheless. We’re sure AdGuard users appreciated the company’s proactive, transparent approach.