Home page logo

educause logo Educause Security Discussion mailing list archives

FYI - Adobe account compromise
From: Andrew Daviel <advax () TRIUMF CA>
Date: Wed, 6 Nov 2013 13:20:05 -0800


Per http://xkcd.com/1286/ and others, hackers have leaked 130 million user records from Adobe, containing email address, 3DES encrypted password, and hint, with lines like:

63498551-|--|-mxxxxxxx () wisc edu-|-eYxxxxxxxxxxxxx==-|-kunsan cutie|--

2 million of these are .edu addresses

From what I have read, the passwords are encrypted using a symmetric key
but the key is unknown. For now. As a mailing list for spam, it needs washing, badly.

All that user education is having some effect, at least. The most popular password is now "123456", an improvement over
"12345" a couple of years ago and "1234" before that.
Per http://stricture-group.com/files/adobe-top100.txt

See also
Password reset: https://www.adobe.com/ca/account/sign-in.adobedotcom.html

I'm not sure it's really a big cause for concern, though I guess a lot of people use the same password for everything and there's their password hint "dog's name" sitting out there. The etymology of user names on Hotmail should we worth a sociology paper or two.

Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376  (Pacific Time)
Network Security Manager

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]