If you have a home network, odds are good that you use a Linksys router. In fact, it's a brand that a great many small and medium sized businesses rely on as well.
With that in mind, be advised that recently, the company locked user accounts on its Smart WiFi cloud service.
The company is asking users to reset their passwords, after hackers had been discovered hijacking accounts and changing settings to redirect users to malware sites.
The company, in coordination with Bitdefender, found that redirects were occurring when a user logged in with a compromised account tried to access sites.
The sites include, but not limited to:
- aws.amazon.com
- goo.gl
- bit.ly
- washington.edu
- imageshack.us
- ufl.edu
- disney.com
- cox.net
- xhamster.com
- pubads.g.doubleclick.net
- tidd.ly
- redditblog.com
- fiddler2.com
- winimage.com
In each case, the hackers took pains to design a site that resembled the site the user intended to visit. Of course, when that user clicked on a link on the page, it would download and install whatever form of malware the hackers wanted to deliver.
Linksys has put a stop to it, but if you have an account, you'll need to reset your password before you can access your account information again. Note that this only impacts Smart WiFi accounts. If you have a router not connected to that system, there is nothing for you to do.
Kudos to both Linksys and Bitdefender for spotting the problem and taking quick action to correct it. While there will no doubt be other threats to the security of your system in the weeks and months ahead, this is one less you have to worry about. That is, all for the price of simply resetting your password.
At this late date it should go without saying, we urge anyone who has to reset their password to make it a robust one. Resist the temptation of using the same password for your Linksys Cloud account that you use on other web properties. If you're still in the habit of doing that sort of thing, now is a great time to break it!