If you’re an Adobe ADBE customer, you probably received a letter about a security breach. If not, you probably don’t know about it. The event was never front-page news but new information reveals that the breach is massive. Right now, it’s one of the largest ever recorded but if all information proves to be true, it will likely go down as the largest.
Reuters reported that LastPass, a password security firm, looked at an underground site visited by cybercriminals. It found at least 152 million email addresses, encrypted passwords, and password hints displayed in clear text.
The new information is just shy of four times higher than the 38 million figure that Adobe revealed as part of the disclosure.
Adobe downplayed LastPass’s discovery. It acknowledged (without verifying the 152 million number) that the information existed but had an explanation.
According to an Adobe spokesperson, the compromised list is massive but its’ old. The company was planning to decommission the list in the near future. The spokesperson said that the list has about 25 million records but 18 million have invalid passwords.
But even if that’s true, the information is still useful to cybercriminals, Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse told Reuters that even expired account information is useful for “phishing” scams.
Criminals can send email to addresses on file pretending to be the company and ask for personal details.
Related: Eight Interesting Facts about the Twitter IPO
"Potentially it's the website you've forgotten about that poses the greater risk," he said. "What if somebody set up an account with Adobe ten years ago and forgot about it and they use the same password there that they use on other sites?"
According to Joe Siegrist, CEO of LastPass, Adobe failed to follow asecurity technique known as salting, where a code is added to every password after it’s encrypted. This makes it more difficult for hackers to manipulate the data.
The largest attack on record was a 2009 attack on Heartland Payment Systems where 130 million credit card numbers were stolen. In 2011 hackers gained access to 100 million records from the Sony Playstation Network.
If LastPass’s information is correct, this is the largest attack on record.
What may shield Adobe from large-scale fallout is the nature of the data. Since itdoesn’t include financial information, the impact will likely be minimal other than the PR factor.
Disclosure: At the time of this writing, Tim Parker had no position in the companies
mentioned.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
