Basecamp successfully blocked an hour-long credential stuffing attack targeting its platform on January 29, with only around 100 out of the company’s advertised user base of approximately 3 million accounts being affected. CTO David Heinemeier Hansson announced in a blog post on the company’s website that the attack was detected at 12:45 PM central when a huge increase in the number of logins was detected by the ops team. The assailants made approximately 30,000 attempts to access Basecamp accounts over the duration of the attack which kept going for roughly one hour, from a large range of IP addresses.
Source: BleepingComputer