Scripted botnet attack on 12/20/2017

Hey folks,

There was a botnet attack and we emailed the accounts (about 180 accounts) we saw suspicious activity on, putting this post here for the few folks to refer to if needed and to always have transparency with our customers and users:

Greetings,

On 12/20/2017 our web team detected a scripted botnet attack against our sign in form. It appeared to be using a list of emails and passwords from an unknown website or combination of sites which may have been compromised. Adafruit databases and backends have not been compromised to the best of our knowledge.

The attack ran through a list of email address and password combinations, then tried to sign in to our site with each one. The large majority of user/pass combinations failed and were not Adafruit customers or did not have shared passwords with these other websites.

Once we discovered that this attack had begun, we locked down our site as quickly as possible through various means including: additional throttling, requiring a captcha on sign in, DDOS protection (denial of service), and forcing password resets on those accounts that were affected.

We were able to determine that your account was in the list of email/password combinations. Your Adafruit account was accessed yesterday, 2017-12-20. This suspicious activity was the reason for an automated password reset.

We sent 40 password reset notifications while making sure your account and others were protected, and we are additionally sending this notification now.

You account password has been reset. Please use the ‘Forget your password?’ link at https://accounts.adafruit.com/users/sign_in to change it to a new, strong password, not used on other sites.

As a precaution, we suggest changing any passwords on other sites that may have used this email address or password in the past.

Adafruit databases and backends have not been compromised to the best of our knowledge, and we will continue to analyze this attack which appears to have been stopped.

Thanks web team and community support for taking care of this so fast.

Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7:30pm ET! To join, head over to YouTube and check out the show’s live chat and our Discord!

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Join over 38,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython – The easiest way to program microcontrollers – CircuitPython.org

New Products – Adafruit Industries – Makers, hackers, artists, designers and engineers! — New Products 11/15/2024 Featuring Adafruit bq25185 USB / DC / Solar Charger with 3.3V Buck Board! (Video)

Python for Microcontrollers – Adafruit Daily — Python on Microcontrollers Newsletter: A New Arduino MicroPython Package Manager, How-Tos and Much More! #CircuitPython #Python #micropython @ThePSF @Raspberry_Pi

EYE on NPI – Adafruit Daily — EYE on NPI Maxim’s Himalaya uSLIC Step-Down Power Module #EyeOnNPI @maximintegrated @digikey

Adafruit IoT Monthly — The 2024 Recap Issue!

Maker Business – Adafruit Daily — Apple to build another chip at TSMC Arizona

Electronics – Adafruit Daily — SMT Tip – Stop moving around!

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !

No Comments

No comments yet.

Sorry, the comment form is closed at this time.

Filed under: site updates — by phillip torrone

Comments Off on Scripted botnet attack on 12/20/2017