Adobe Password Resets Definite Cause For Concern
A guest article by Kevin Yank
Update: we recently held a Google hangout on this topic – see a recording of it below.
As a digital photographer, you have probably used Adobe software (be it Photoshop or Lightroom) to manage, tweak, or publish your photos at one time or another. If so, chances are you’ve also received an email like this one in the past few weeks:
Adobe is sending this message to just about everyone
If you’re thinking this might be cause for concern, you’re right. When I’m not out shooting photos with my trusty Panasonic GX1, I work on a site called Should I Change My Password, which tracks password security breaches, and I can tell you they don’t come much bigger than this one.
When we discovered the Adobe password database being shared among hackers earlier this month, we were stupefied by the size of the breach. Far greater than the 2.9 million customers Adobe had already announced were affected, the file contained the email addresses of over 152 million people. To give you an idea, the worst breach we had previously encountered contained “only” 34 million customer records.
How could Adobe be claiming only 2.9 million affected customers, you might ask? To hear Adobe tell it, most of the records stolen by hackers were “out-of-date”. Best as we can tell, if you gave Adobe an email address and password when downloading, say, Acrobat Reader ten years ago and haven’t been back since, Adobe figures that losing those details to hackers is no big deal. I beg to differ.
Besides the fact that you can pretty much guarantee every spammer worth his cut-price pharmaceuticals has now added your email address to his distribution list, the method Adobe had used to store your password has been discovered to be insecure. If you used the same password on multiple websites (and let’s face it—ten years ago, who didn’t?) your accounts on those other sites are now at serious risk. Particularly if you used a weak password (such as a date or an English dictionary word), or a password that someone else in those 152 million people might have also chosen (like a pop culture reference), you can pretty much assume hackers will be able to work out your password using the data that Adobe lost.
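To see why a password shared with other people in the same database is the weakest case, here is an added example (not part of the original article, and not Adobe's code). The article does not say how the passwords were stored, so the weak side assumes a deterministic, unsalted scheme with plain SHA-256 as a stand-in; the accounts and function names are made up for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data).
ACCOUNTS = [
    ("alice@example.com", "starwars"),
    ("bob@example.com", "starwars"),
    ("carol@example.com", "tr0ub4dor&3"),
    ("dave@example.com", "starwars"),
]

def store_unsalted(password):
    """Weak (assumed scheme): deterministic, so equal passwords store equal values."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_salted(password, salt=None):
    """Hardened: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + "$" + digest.hex()

def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = store_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def shared_value_groups(table):
    """Audit a credential table: groups of accounts with an identical stored value."""
    groups = defaultdict(list)
    for email, stored in table:
        groups[stored].append(email)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables():
    """Store the same sample accounts under both schemes."""
    weak = [(e, store_unsalted(p)) for e, p in ACCOUNTS]
    strong = [(e, store_salted(p)) for e, p in ACCOUNTS]
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, shared values:", shared_value_groups(weak))
    print("salted, shared values:  ", shared_value_groups(strong))
```

Under the unsalted scheme the three accounts that chose the same password are visibly linked, so learning one of them exposes all three; with a per-user salt the audit finds no shared values at all.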
Pressure from sites like Should I Change My Password has forced Adobe to notify the full list of people in the database, which is why you and most everyone you know have now received an email from Adobe like the one above.
So, what do you do? Well, whether you have received an email from Adobe or not, you should check if your email address(es) have been compromised. Start by visiting Should I Change My Password, where you can check your email address against our database of breached addresses for free.
This is what you will probably see
Assuming your address (and likely your password) has been compromised, you’ll want to follow our 10-step guide (also free!) for what to do if your password has been hacked.
In short, don’t rely on Adobe to provide you with complete information about its own failure to protect your privacy and security. Adobe is in full damage control mode right now, and part of that is playing down the scale of the disaster. Think of the most important account you might have shared your Adobe account’s password with, and take the steps necessary to protect it now.
Kevin Yank is Avalanche’s technology guru. He has a wealth of experience building and managing businesses, and is a world-class developer to boot.
He might know every programming language ever written and types at a thousand words per minute. When he’s not at his computer, he’s writing books, helping to run Impro Melbourne, or playing the latest Assassin’s Creed.
Join us for a special event to discuss this issue!
Next Tuesday, December 3rd, at 2pm MST (Mountain Standard Time – convert to your time here), Darlene Hildebrandt, our new Managing Editor, will be hosting a special LIVE Google Hangout to discuss the Adobe issue.
Here are the details:
- you don’t need any special software to watch us live; just click on the link or watch it here when the time comes (the link will become a live YouTube feed)
- if you head over to the actual event page you can RSVP to get a reminder notice when it’s starting
- you can also watch it streaming live on the event page and ask questions of the guest panel
Some of the things to be potentially discussed are:
- how has it affected you as a photographer?
- how do you feel about it?
- have you taken any actions?
- have you contacted Adobe? What has their response been?
- how do you feel about how Adobe has handled it?
These are things we will be discussing. Join us live to listen in and add your comments in the chat.
This is a highly volatile and sensitive issue and the discussion will be carried out in a dignified, respectful manner for all parties involved, including Adobe. Hope to see you there!
Additional resources to help you stay secure!
Here are some additional resources mentioned on the hangout. Do your own due diligence, and play safe on the internet!
- Use spaces in your Windows password for extra security
- Google authenticator – two step verification
- Security breach hits US card processors, bank – even banks are not immune
- Should I Change My Password
- One Password