I get a daily Rabbitgram email from The Rabbit Agency, a UK social media agency that sends me a pick of the day’s social media and tech news links.
This morning one of the items in the Rabbitgram was this:
#7 – Over 150m breached records from Adobe hack have surfaced online (The Verge)
Surfaced? Surfaced where?
I knew Adobe had been hacked. Not only had I read about it on several websites, I had received a ‘precautionary’ reset password email from Adobe.
Adobe had said that around 3 million login credentials had been stolen. Other sources said the number was around 38 million. Now the Verge was saying it was 150 million and that:
according to Paul Ducklin at Naked Security, a database of Adobe user data has turned up online at a website frequented by cyber criminals.
Oh I see, the hackers published the hacked information on a site frequented by cyber criminals. Great, just what I and 150 million other users need.
The Verge article mentioned that:
LastPass has set up an online tool to quickly find out if your email address is listed in the massive database.
I changed my password as soon as I got the prompt from Adobe after the hack, so there was nothing new I would be revealing.
And I know LastPass is an upright outfit, so I didn’t worry too much about putting a valid email address into their search tool to see whether the address and password had been compromised in the Adobe hack.
I tried the tool with the email address that I signed into Adobe with. And I tried it with a fake address that I doubted anyone had, to see what that would bring up.
A fake email that I doubt anyone has:
So the funny (not amusing) thing is that Adobe goes through all these encryption somersaults to make sure no one steals their products. They move to a subscription-based model to prevent people circulating ripped copies of their software – and then, according to Paul Ducklin of Naked Security, they use weak encryption methods to protect customer data.
The article by Paul Ducklin is well worth reading and I recommend you do so because it is probably the nearest that most of us will get to a clear exposition of how to and how not to encrypt passwords.
Adobe must be very embarrassed. I don’t have an account. The whole password issue has become a hassle — so many to keep track of.