Facebook & Others Help Users Hit by Adobe Data Breach

[Guest]

Analysis of the leaked Adobe account data helps other websites shore up their own security and protect your own.

Facebook & Others Help Users Hit by Adobe Data Breach : Read more

 

[slomo4sho]

The fact that other sites are aware that you are using the same log in information...

 

[razor512]

The fact that other sites are able to do this, means that they are using the same weak encryption, or likely no encryption at all.

When a site restricts the max length of a password, or character types, it generally means that they are likely storing your passwords in some sql server completely unencrypted.

If a website is properly salting and encrypting your passwords, then they should have no way of determining what your password is. or even if 2 people on the site have the same password as proper encryption creates a new hash each time the came exact text is encrypted.

a billion people could have a password of 1234, and every single hash would be different.

For even more security, the salt can be stored on a separate server, though it is not a requirement, but a salt prevents a precomputed attack on a users password, as each user will have a different salt, thus they will be forced to brute force every single hash, and likely never crack any reasonably long and properly random password.

If a site is able to tell you your password, it means they are not securing your data. (if they can e-mail you your password, it is a red flag that they are not even encrypting your password.

if your bank does any of this, then switch banks.

 

[f-14]

this sounds like a perfect benchmark tool:
"To check the data yourself would require you to download the 3.4-gigabyte dataset (it's available in several places online) and perform a potentially time-consuming search that would temporarily eat up your machine's processing power."

 

[pepe2907]

Yep, that already happened to me. Wasn't really happy about it.

 

[reactive]

Just consider that Adobe now force you to hand over credit card details to them, since you can't buy boxed CS products any more. How I despise Adobe!

 

[Niva]

I love Photoshop, but Adobe has been the source of much hacks over the years, especially Adobe reader. They seriously have got to get their sheite together, such a big company and they fall to this?

 

[ddpruitt]

@razor512 Before you get all Fox news A) read the article B) research encryption so you know why Facebook doesn't need the original password to see if you're using the same one as for Adobe C) Please don't spout misinformation until you get a firm grasp of the facts

At this point given all the security breaches I say that any company storing a username/password combination should be required to provide you with the details of the security mechanisms in place. Seriously, how many websites still use MD5 and reversible encryption? Security today needs to be one of the first things considered not an afterthought.