Thursday, November 14, 2013

Facebook temporarily disables profiles as it grapples with 150 million hacked Adobe passwords.

Facebook is asking millions of people to change their passwords if they had an account with Adobe, the content creation and cloud marketing company. Adobe was hacked recently and up to 150 million passwords were exposed.

Facebook is taking those exposed passwords and searching its system to find users who may have used the same password for Facebook. Those people will be asked to change their passwords.

The password crisis was triggered because Adobe apparently used only one encryption key for all its stored customer passwords, according to Krebs On Security:

What’s more, experts say Adobe appears to have used a single encryption key to scramble all of the leaked user credentials, meaning that anyone who computes, guesses or acquires the decryption key immediately gets access to all the passwords in the database.

The Adobe password hack is causing a huge headache all across the web. At first, it seemed that just a few million passwords had been stolen. But then that estimate increased to 38 million. And Krebs said the total universe of compromised passwords could be as high as 150 million.

So Amazon, and Microsoft are struggling with the same issue: The Adobe password cache is so massive that there are likely multiple millions of users with accounts at other companies who used identical passwords. Because the hackers can match passwords to IDs (email for instance), anyone who used the same password at Adobe for any other online company is now potentially screwed.

(click to enlarge)

No comments:

Post a Comment