Adobe password theft – and how it affects you

In early October 2013 Adobe's systems were compromised by hackers and as a result a dataset containing more than 153 million email addresses and passwords was stolen and made publicly available.

While the passwords were stored in an encrypted format, the dataset also contained all of the associated password hints that the users had provided as an aid for them to remember their own password at a later time.

Unfortunately, all these password hints were not encrypted in any way and as a result of the  hack are now available in the public domain.

Worse still, the encryption method used to store the passwords was not up to industry standards nor was it following normal best practices.

Normally passwords would be encrypted in such a way that two identical passwords for two different users would be stored as two different encrypted strings. This way it would not be easy to see that the two users are both using the same password, in case the encrypted passwords were stolen.

However, Adobe chose to store all passwords in a predictable encrypted format and when the user and password data was stolen it soon became clear that it was very easy to identify users who were using the same password.

This, combined with the fact that password hints were stored in clear text, now has the effect that even if you as an Adobe user did not provide a password hint, any other user, who is using the same password and who did provide a password hint, is now effectively a threat to your account security.

This threat is compounded by the fact that many if not most users are reusing their passwords to access multiple systems and services via the Internet.

As a consequence, any other system or service you as an Adobe user may be accessing should now be considered compromised as well.

It is therefore very important that you change your passwords on all sites that you normally use, if you suspect that someone could have guessed or cracked your password as a result of the Adobe security breach.

To help you evaluate how exposed you may be from the Adobe security breach, Topsec Technology have developed a tool that enables you to find out if your email address was leaked as part of the hack.

The tool also shows you how many other accounts are using the same password as you and how many hints are available to aid in the guessing of your password. Remember that even if you did not provide a hint, other users using the same password as you may have and as such pose a threat to you.

You can access the tool here: http://adobetool.topsectechnology.com

If your email address is part of the leaked data you should be aware that you may also become the target of phishing and general spam attacks.

Topsec Technology provide the Blockmail email security service, which effectively protects you and your email from phishing, spam and viruses as well as many other forms of malicious email content.

To learn more about the Blockmail email security service or any of our other IT security services, phone us on (01) 466 0686 or email support@topsectechnology.com

You can also visit our website at http://www.topsectechnology.com