SD Times Blog: Passwords stolen in Adobe breach were encrypted, not hashed

Rob Marvin
November 5, 2013 —  The millions of passwords stolen by hackers in the massive breach of Adobe reported last month were not stored using best practices for security, making them easier to crack.

(Adobe breach compromised more than 38 million users)

Adobe admitted the passwords stolen were not hashed, but encrypted, making them more vulnerable to brute-force cracking attempts. The hackers breached a backup system that had not been upgraded with current password protection.

"This system was not the subject of the attack we publicly disclosed on Oct. 3, 2013. The authentication system involved in the attack was a backup system and was designated to be decommissioned,” Adobe spokesperson Heather Edell told CSO. “The system involved in the attack used Triple DES encryption to protect all password information stored.”

(What was reported earlier: Adobe deals with data breach affecting 2.9 million customers)

Related Search Term(s): Adobe, security

Share this link:

SD Times Blog: Adobe deals with data breach affecting 2.9 million customers
It took the company two months to find (and admit to) the breach; stolen material included customer info and source code Read More...

News on Monday  more>>
Android Developer News  more>>
SharePoint Tech Report  more>>
Big Data TechReport  more>>



Download Current Issue

Need Back Issues?

Want to subscribe?