The online backup firm Carbonite has setup controls forcing all users to change their passwords immediately.  Carbonite has NOT been recently hacked.  However, they are concerned regarding older security breaches where user passwords had been discovered.  Many individuals use the same password for multiple sites. When a standard password is discovered, it allows attackers access to all other sites where this approach is used.  Carbonite has recently seen some unauthorized access due to these reasons and are taking this precaution.

https://www.carbonite.com/en/resources/carbonite-blog/carbonite-password-attack/

https://www.grahamcluley.com/2016/06/online-backup-firm-carbonite-targeted-password-reuse-attack/

What Happened — As part of our ongoing security monitoring, we recently became aware of unauthorized attempts to access a number of Carbonite accounts. This activity appears to be the result of a third party attacker using compromised email addresses and passwords obtained from other companies that were previously attacked. The attackers then tried to use the stolen information to access Carbonite accounts. Based on our security reviews, there is no evidence to suggest that Carbonite has been hacked or compromised.

What Information Was Involved –While we will continue to monitor and investigate the matter, we have determined that usernames and passwords are involved. Additionally, for some accounts, other personal information may have been exposed.

What We Are Doing — To ensure the protection of all our customers and the safety of their data, we are requiring all Carbonite customers to reset their login information. All Carbonite users will receive an email with instructions to reset their passwords. These emails will arrive in your inbox over the course of the day and evening. Our Customer Care team is standing by to assist anyone who needs additional help. This activity in no way affects existing or scheduled backups. Files are still being safely backed up. In addition to our existing monitoring practices, we will be rolling out additional security measures to protect your account, including increased security review and two-factor authentication [which we strongly encourage all customers to use].

What Carbonite Customers Should Do — Look for an email from Carbonite with instructions for resetting your password. We highly recommend all customers use “strong” unique passwords for Carbonite and all online accounts. Learn more about strong passwords at www.carbonite.com/safety. If you use the same or similar passwords on other online services, we recommend that you set new passwords on those accounts as well.

Is the email you received legitimate? — Yes. Carbonite sent an email to all customers an email asking them to reset their passwords.