Facebook is taking those exposed passwords and searching its system to find users who may have used the same password for Facebook. Those people will be asked to change their passwords.
The password crisis was triggered because Adobe apparently used only one encryption key for all its stored customer passwords, according to Krebs On Security:
What’s more, experts say Adobe appears to have used a single encryption key to scramble all of the leaked user credentials, meaning that anyone who computes, guesses or acquires the decryption key immediately gets access to all the passwords in the database.
The Adobe password hack is causing a huge headache all across the web. At first, it seemed that just a few million passwords had been stolen. But then that estimate increased to 38 million. And Krebs said the total universe of compromised passwords could be as high as 150 million.
So Amazon, Diapers.com and Microsoft are struggling with the same issue: The Adobe password cache is so massive that there are likely multiple millions of users with accounts at other companies who used identical passwords. Because the hackers can match passwords to IDs (email for instance), anyone who used the same password at Adobe for any other online company is now potentially screwed.