Linksys is currently forcing password resets for anyone with an account on its “Smart Wi-Fi” service. This behavior might seem random, or even alarming, but it’s part of an effort on Linksys’ part to mitigate malware attacks that targeted its users earlier in April.
According to Linksys, hackers used credential-stuffing attacks to gain control of at least 1,200 routers and redirect connected devices to malware-ridden webpages filled with coronavirus-related phising scams. Linksys noticed the suspicious activity and reset the login credentials for all Smart Wi-Fi users to prevent further attacks—but this also means that users were unceremoniously kicked out of their accounts even if their passwords weren’t compromised.
How to change your Linksys router password
Even if you haven’t been asked to reset your Smart Wi-Fi account password—or you can’t remember if you did or not—it doesn’t hurt to do so right now. You can update your password by visiting this link, or by tapping “Forgot Your password” in the Linksys mobile app or on the Linksys Smart Wi-Fi webpage.
We should note that Linksys resetting your password doesn’t necessarily indicate you were a victim of the credential-stuffing attack. Linksys is contacting users potentially affected by this, but all Smart Wi-Fi accounts should have been locked as a precautionary measure.
However, if you were hit with this attack and some malware changed your router’s DNS settings to point you to bogus websites, Linksys will revert these settings to normal for you. It’s still good to check these settings yourself, which you can do via your router’s administration page (or accompanying app).
It’s also wise to check your various accounts through “Have I Been Pwned?” and make sure to change any passwords that use the same login info as your Linksys account. Using unique passwords for every app, website or service provider you use might sound tedious, but it’s a necessary strategy for mitigating unwanted account access. And besides, you can always use an encrypted password manager so you don’t have to memorize and type out dozens of unique logins. (Oh, and don’t forget to turn on two-factor authentication whenever possible.)
The last step to take is to install a reliable antimalware app on all devices connected to your wifi network and scan for any potential malware that may have been downloaded due to the hack. As always, never download or run files that you weren’t expecting to receive—especially if they magically came flying through your browser when you were trying to access an normal website like disney.com or netflix.com.