Cyber Incident Victim: Arlo
Date: May 2018
Location: United States of America
Summary
Arlo detected suspicious activity involving unauthorized attempts to access customer accounts through credential-stuffing attacks, where attackers leveraged credentials obtained from an unrelated third-party source. The company initiated an investigation and found no evidence of compromise within its own systems but advised all users to proactively reset their passwords as a precautionary measure. The incident highlighted risks associated with reused credentials across multiple platforms, prompting the firm to emphasize immediate password changes to mitigate potential unauthorized access to user accounts.
Description
On or around May 26, 2018, Arlo detected suspicious activity targeting customer accounts, prompting an immediate investigation. The company identified patterns consistent with credential-stuffing attacks, where threat actors systematically attempted to access accounts using username and password combinations obtained from an unrelated third-party source. Arlo confirmed no evidence of compromise within its own infrastructure, systems, or databases, ruling out a direct breach of its network. The attackers leveraged previously exposed credentials from external sources to target Arlo accounts through automated login attempts. Upon detecting these unauthorized access attempts, Arlo initiated internal security protocols to analyze the scope and origin of the activity.

As a precautionary measure, Arlo notified customers via a community forum post on May 26, advising all users to change their account passwords immediately. The company emphasized that this recommendation applied universally to all customers, regardless of whether individual accounts showed signs of compromise. The notification provided instructions for resetting passwords but did not disclose technical details about the volume of affected accounts or specific indicators of compromise. Arlo's investigation remained ongoing at the time of the announcement, with no additional security incidents or data exposures linked to the credential-stuffing campaign. The incident highlighted risks associated with password reuse across multiple platforms, though Arlo's systems themselves were not implicated as the source of credential exposure.
