Trove of Adobe user data found on Web after breach: Security firm

Monday, 11 November 2013 00:00 -     - {{hitsCtrl.values.hits}}

REUTERS: A computer security firm has uncovered data it says belongs to some 152 million Adobe Systems Inc (ADBE.O) user accounts, suggesting that a breach reported a month ago is far bigger than Adobe has so far disclosed and is one of the largest on record. LastPass, a password security firm, said on Thursday that it has found email addresses, encrypted passwords and password hints stored in clear text from Adobe user accounts on an underground website frequented by cyber criminals. Adobe said last week that attackers had stolen data on more than 38 million customer accounts, on top of the theft of information on nearly 3 million accounts that it disclosed nearly a month earlier. The maker of Photoshop and Acrobat software confirmed that LastPass had found records stolen from its data center, but downplayed the significance of the security firm’s findings. While the new findings from LastPass indicate that the Adobe breach is far bigger than previously known, company spokeswoman Heather Edell said it was not accurate to say 152 million customer accounts had been compromised because the database attacked was a backup system about to be decommissioned. She said the records include some 25 million records containing invalid email addresses, 18 million with invalid passwords. She added that “a large percentage” of the accounts were fictitious, having been set up for one-time use so that their creators could get free software or other perks. She also said that the company is continuing to work with law enforcement and outside investigators to determine the cost and scope of the breach, which resulted in the theft of customer data as well as source code to several software titles. The company has notified some 38 million active Adobe ID users and is holders of inactive accounts, she said. Paul Stephens, director of policy and advocacy for the non-profit Privacy Rights Clearinghouse, said information in an inactive database is often useful to criminals.

COMMENTS