Educause Security Discussion
mailing list archives
Re: FYI - Adobe account compromise
From: Brian Helman <bhelman () SALEMSTATE EDU>
Date: Thu, 7 Nov 2013 14:40:27 +0000
There's an excellent description at sophos.com/adobe and on this week's Security Now podcast.
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Andrew Daviel
[advax () TRIUMF CA]
Sent: Wednesday, November 06, 2013 4:20 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] FYI - Adobe account compromise
Per http://xkcd.com/1286/ and others, hackers have leaked 130 million
user records from Adobe, containing email address, 3DES encrypted
password, and hint, with lines like:
63498551-|--|-mxxxxxxx () wisc edu-|-eYxxxxxxxxxxxxx==-|-kunsan cutie|--
2 million of these are .edu addresses
From what I have read, the passwords are encrypted using a symmetric key
but the key is unknown. For now. As a mailing list for spam, it needs
All that user education is having some effect, at least.
The most popular password is now "123456", an improvement over
"12345" a couple of years ago and "1234" before that.
Password reset: https://www.adobe.com/ca/account/sign-in.adobedotcom.html
I'm not sure it's really a big cause for concern, though I guess a lot of
people use the same password for everything and there's their password
hint "dog's name" sitting out there. The etymology of user names on
Hotmail should we worth a sociology paper or two.
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager