
Revisiting the Adobe Password Breach | Optiv

January 27, 2014

Although the Adobe password breach happened back in October 2013, organizations could still be vulnerable because of the data leaked in the attack. The breach data holds three fields that are of value to the attacker: email address, encrypted password and the (unencrypted) password hint the user set. Of the 153 million records leaked, over 130 million contain non-empty passwords, and 56 million are unique.

How an Attacker Uses the Breach Data

Although Adobe did encrypt their passwords with 3DES, an attacker can still glean the plaintext.

Step 1) The attacker searches for companies of interest using the domain name in the email address. In this example, the attacker identifies yourcompany.com.

Step 2) The attacker searches for every password that matches from the entire database. Below, our attacker finds six accounts that all have the same password.

Step 3) The attacker can now see every user’s hint for that one encrypted password. After a bit of thinking, the attacker could guess what the password was. In this example, it is most likely Marilyn, although it may or may not be capitalized.

Given this methodology, your organization is vulnerable when the following weaknesses are present:

  • The compromised account still exists on your network.
  • The user sets the same password for Adobe and your company’s internal infrastructure.
  • The attacker has a way to log into externally facing web applications such as email, corporate VPN, FTP, etc.

The attacker could also use the information as inside knowledge while engaging in a social engineering campaign.

Recommendations

Although Adobe’s done a good job in their response to the breach, issuing notifications to each email address contained in the leak, it would be up to each user in your organization to receive that email, read and understand that email and comply with instructions on changing passwords. A user that already engages in password reuse will most likely not comply with these instructions.

Two things you can do immediately to secure your organization:

  1. Download and review the leaked data for any accounts using your company domain names. Once they are found, ensure the user resets their password.
  2. Deploy a two-factor authentication system for externally accessible systems such as email and VPN.
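
For the first recommendation, the review can also rank your accounts by exposure: records that share a ciphertext share a password, and every hint attached to that ciphertext makes it easier to guess. The Python below is an added example, not Optiv's code; the `-|-` delimited record layout, the sample records and the function names are assumptions.

```python
from collections import Counter

# Assumed record layout (the article does not specify one):
#   id-|-username-|-email-|-encrypted_password-|-hint|--
SEP = "-|-"

# Constructed sample records; every value here is made up.
SAMPLE = """\
1001-|--|-alice@yourcompany.com-|-Q29uc3RydWN0ZWQx-|-fav actress|--
1002-|--|-bob@example.org-|-Q29uc3RydWN0ZWQx-|-monroe|--
1003-|--|-carol@yourcompany.com-|-Q29uc3RydWN0ZWQy-|-|--
1004-|--|-dave@mail.yourcompany.com-|--|-|--
1005-|--|-erin@notyourcompany.com-|-Q29uc3RydWN0ZWQx-|-|--
malformed line
"""

def parse(line):
    """Return (email, ciphertext, hint), or None for a malformed record."""
    line = line.strip()
    if line.endswith("|--"):
        line = line[:-3]
    parts = line.split(SEP)
    if len(parts) < 5 or "@" not in parts[2]:
        return None
    return parts[2].lower(), parts[3], SEP.join(parts[4:])

def in_scope(email, domains):
    """Match the domain or a subdomain, never a look-alike suffix."""
    host = email.rsplit("@", 1)[1]
    return any(host == d or host.endswith("." + d) for d in domains)

def accounts_to_reset(lines, domains):
    # Pass 1: keep only records on our domains (small next to the dump).
    ours = [r for r in map(parse, lines) if r and in_scope(r[0], domains)]
    watch = {ct for _, ct, _ in ours if ct}
    # Pass 2: for those ciphertexts only, count dump-wide reuse and hints.
    same, hinted = Counter(), Counter()
    for r in map(parse, lines):
        if r and r[1] in watch:
            same[r[1]] += 1
            hinted[r[1]] += bool(r[2].strip())
    report = [{"email": e, "has_password": bool(ct),
               "same_ciphertext_records": same[ct],
               "records_with_hint": hinted[ct]} for e, ct, _ in ours]
    # Most-hinted ciphertexts first: those passwords are the easiest to guess.
    return sorted(report, key=lambda r: (-r["records_with_hint"], r["email"]))

if __name__ == "__main__":
    for row in accounts_to_reset(SAMPLE.splitlines(), ["yourcompany.com"]):
        print(row)
```

The report lists only your own addresses and counts, so it can be handed to the help desk for forced resets without circulating other people's hints.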
