Saturday 23 November 2013

Adobe hack

Everyone is writing about the Adobe hack, where 150 million email addresses, encrypted passwords, and password hints were stolen, and some may consider it old news, as it happened in October.

However, over the last couple of days it is showing new life - Mainly because while the 10 GB text file was a little bit difficult to find before, it is now easily accessible to anyone who knows how to ask Google nicely. Also, Facebook, Evernote, and a couple of other large companies recently contacted users who may have used the same password in more than one place.

I don't remember signing up for an Adobe account, but my email address is in the list. I strongly advise that you go to https://lastpass.com/adobe/ and type in your email address(es) to check if yours was included, too. Do this whether or not you think you have an Adobe account. If you think you may have used the password on any other site, change it ASAP. Change it to something unique.

Some people are finding entertainment value hidden the hack: there was a particularly good xkcd cartoon about it, which one Ben Falconer decided to implement, allowing you to play at solving real crossword puzzles, using people's passwords as answers and their password hints as clues.

150 million is a big number. Really big. In fact, it's hard to comprehend exactly how big it is, and I was far more shocked by the number of students and lecturers from Rhodes University (several hundred) who appeared in the list than by the total number. Looking at the number of people who used "bank password", "same as bank password", or simply "bank" as a password hint (many thousands) also helps one realise how big 150 million is. Everyone with any sense is constantly advising everyone else to not use reuse passwords, ever. Everyone else is constantly ignoring them. But hopefully at least some people were have learnt their lesson.

And I really hope that Adobe learnt theirs.

No comments:

Post a Comment