Hi All,
Hope you are doing well. This is a notice about the security incident we were subjected to today.
In the morning today (11:30 AM IST), we noticed several unusual logins and multiple failed attempts. A look at our log suggested a brute force dictionary attack against BuddyDev accounts.
Overall, there were 26 accounts that were recently compromised during this brute-force login attack. The attacker utilized a dictionary attack method to gain access to the account by repeatedly attempting to log in with guessed passwords.
To protect these accounts, we have taken the following actions:
– Temporarily disabled these accounts.
– Changed their password.
– Reset their API key for accessing automatic updates.
We have mailed all of these users with the details and the steps to re-enable the account.
If you were one of the victims of this attack (you should have received an email from us by now), please reset your password by following the link below:
Reset Password: https://buddydev.com/resetpass
Please note that no financial details were breached. At BuddyDev we do not store billing information or payment details other than transaction id. The attacker gained limited access to BuddyDev username, full name, email address, and API key for these breached accounts.
To enhance the security of your account, we recommend using a strong password. Additionally, we will be implementing two-factor authentication within the next 30 days to mitigate the risk of similar attacks in the future.
Best regards,
Brajesh

Hi Ben,
Happy New Year!
Hope you are doing well.
I am doing great and have some amazing news coming at the end of this month 🙂
It was a brute force dictionary attack with username/text password. Except for the email address, username, and display name on BuddyDev, there was nothing else compromised for these accounts. Activating a basic firewall has stopped it and there has been no new issue in the last 3 weeks now.
Regards
Brajesh