Print

SD Times Blog: Passwords stolen in Adobe breach were encrypted, not hashed



Rob Marvin
Email
November 5, 2013 —  The millions of passwords stolen by hackers in the massive breach of Adobe reported last month were not stored using best practices for security, making them easier to crack.

(Adobe breach compromised more than 38 million users)

Adobe admitted the passwords stolen were not hashed, but encrypted, making them more vulnerable to brute-force cracking attempts. The hackers breached a backup system that had not been upgraded with current password protection.

"This system was not the subject of the attack we publicly disclosed on Oct. 3, 2013. The authentication system involved in the attack was a backup system and was designated to be decommissioned,” Adobe spokesperson Heather Edell told CSO. “The system involved in the attack used Triple DES encryption to protect all password information stored.”

(What was reported earlier: Adobe deals with data breach affecting 2.9 million customers)




Related Search Term(s): Adobe, security


Share this link: http://sdt.bz/65320
 

close
NEXT ARTICLE
SD Times Blog: Adobe deals with data breach affecting 2.9 million customers
It took the company two months to find (and admit to) the breach; stolen material included customer info and source code Read More...
 
 
 




News on Monday  more>>
Android Developer News  more>>
SharePoint Tech Report  more>>
Big Data TechReport  more>>

   
 
 

 


Download Current Issue
APRIL 2014 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?