Did You Order the Code Red?

“Passwords just aren’t cutting it online. It’s getting worse. We all feel it.” This is what Jeremy from Basecamp’s Security, Infrastructure, and Performance team wrote in a February blog post after dealing with a mass-login attack. Intruders with huge lists of login credentials—obtained in previous data breaches—tried using those passwords to access Basecamp accounts. Hear how Basecamp addressed the immediate incident and was also forced to reflect on longer-term plans for customer security in an increasingly insecure age.

2 thoughts on “Did You Order the Code Red?

  1. Hey guys! Have you considered using the “Have I Been Pwned” password API to check users’ passwords and warn them that the password they just used should be changed right away? That might be a good idea.


    Sorry if you’re way ahead of me on this!

Comments are closed.