Adobe security breach worse than originally thought
This month’s security breach at Adobe is turning out to be much more widespread than the company first let on. At least 38 million users have been affected by the early October incident.
When Adobe announced the breach on October 3, it said that attackers stole user names and encrypted passwords for an undisclosed numbers of users, along with encrypted credit or debit card numbers and expiration dates for 2.9 million customers. Krebs on Security now reports on the full extent of the attack, confirming the 38 million figure with Adobe.
The total damage could go beyond 38 million users if a recent file dump at AnonNews.org is any indication. According to Krebs on Security, the 3.8GB file includes more than 150 million usernames and hashed passwords, all taken from Adobe. The same file also apparently turned up on a server with the other stolen Adobe data.
Adobe says that 38 million active users users were affected, whereas the other usernames and passwords could include inactive IDs, test accounts and IDs with invalid passwords. However, Adobe is still investigating, and given the tendency of users to repeat the same usernames and passwords across multiple Web services, inactive account holders could still face a security risk. Adobe is trying to notify inactive users of the breach, and has already reset passwords for active users who were affected.
To read this article in full or to leave a comment, please click here
http://www.macworld.com/article/2059002/adobe-security-breach-worse-than-originally-thought.html#tk.rss_all
