AdGuard Inc.

AdGuard operates as a provider of ad-blocking software and services. Its core offering involves developing and maintaining tools designed to block online advertisements, trackers, and potentially malicious content across various digital platforms. These services primarily cater to end-users seeking enhanced privacy, security, and a less cluttered browsing experience by preventing unwanted content from loading on websites and within applications. The company serves a global market, offering solutions compatible with popular web browsers, operating systems, and mobile devices to intercept advertisements before they reach the user.

In September 2018, AdGuard experienced a significant cybersecurity incident identified as a credential stuffing attack. Attackers leveraged previously breached username and password pairs from other websites to gain unauthorized access to a subset of user accounts within AdGuard's systems. These compromised accounts stored user-configured ad blocker settings. Due to the encryption protecting stored user passwords, AdGuard could not definitively identify which specific accounts were breached. Consequently, the company proactively initiated a mandatory password reset for all user accounts as a precautionary measure to secure potentially affected users and prevent further unauthorized access. The attackers' specific motives remained unclear, as the compromised accounts primarily held configuration settings rather than highly sensitive financial or personal data beyond login credentials.

Following the incident, AdGuard implemented several security enhancements to mitigate the risk of similar attacks in the future. A key technical measure was the integration of the Have I Been Pwned API into their authentication system. This integration allows AdGuard to check newly created or reset passwords against a vast database of known compromised credentials, flagging and preventing users from employing passwords already exposed in third-party breaches. Furthermore, the company enforced stricter password complexity requirements for user accounts to increase resistance against brute-force and credential stuffing attempts. AdGuard also announced plans to introduce support for two-factor authentication, providing users with an additional layer of security beyond passwords, although this feature was noted as a future development at the time of the incident response. These steps demonstrated a focus on hardening account security post-breach.