Did You Order the Code Red?

“Passwords just aren’t cutting it online. It’s getting worse. We all feel it.” This is what Jeremy from Basecamp’s Security, Infrastructure, and Performance team wrote in a February blog post after dealing with a mass-login attack. Intruders with huge lists of login credentials—obtained in previous data breaches—tried using those passwords to access Basecamp accounts. Hear how Basecamp addressed the immediate incident and was also forced to reflect on longer-term plans for customer security in an increasingly insecure age.

2 thoughts on “Did You Order the Code Red?”

  1. Hey guys! Have you considered using the “Have I Been Pwned” password API to check users’ passwords and warn them that the password they just used should be changed right away? That might be a good idea.

    https://haveibeenpwned.com/API/v2

    Sorry if you’re way ahead of me on this!
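The check suggested in the comment above, sketched as an added example (not part of the original post or comment, and not Basecamp's code). It assumes the Pwned Passwords range endpoint `api.pwnedpasswords.com/range/<prefix>`, which takes only the first five hex characters of the password's SHA-1; the function names, the warn-and-fail-open policy, and the sample corpus are hypothetical and constructed for illustration.

```ruby
require "digest"
require "net/http"

# Live fetcher for the assumed range endpoint (not called by the sample data below).
HIBP_RANGE = ->(prefix) { Net::HTTP.get(URI("https://api.pwnedpasswords.com/range/#{prefix}")) }

# Constructed stand-in for the service: passwords and counts are made up.
SAMPLE_CORPUS = { "password" => 3_000_000, "letmein" => 150_000, "padding-entry" => 0 }.freeze

# Builds a range-style response body ("SUFFIX:COUNT" per line) from the sample corpus.
def sample_range_fetch(prefix)
  SAMPLE_CORPUS.map { |pw, n| [Digest::SHA1.hexdigest(pw).upcase, n] }
               .select { |hash, _| hash.start_with?(prefix) }
               .map { |hash, n| "#{hash[5..-1]}:#{n}" }
               .join("\r\n")
end

# Returns how many times the password appears in the breach corpus (0 if absent).
# Only the 5-character hash prefix is handed to fetch_range; the password and
# the remaining 35 hash characters never leave this process.
def pwned_count(password, fetch_range:)
  digest = Digest::SHA1.hexdigest(password).upcase
  prefix = digest[0, 5]
  suffix = digest[5..-1]
  fetch_range.call(prefix).each_line do |line|
    candidate, count = line.strip.split(":", 2)
    next if candidate.nil? || count.nil?   # skip blank or malformed lines
    return count.to_i if candidate.upcase == suffix
  end
  0
end

# Hypothetical login hook: warn the user instead of blocking, and fail open
# so an outage of the lookup service cannot lock everyone out.
def password_action(password, fetch_range:)
  pwned_count(password, fetch_range: fetch_range) > 0 ? :warn_change_password : :allow
rescue StandardError
  :allow
end
```

Run the check at login or password change, while the plaintext is still in memory, and pass `HIBP_RANGE` as `fetch_range:` to query the live service.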
