Today's entry is by Mintz Levin's Adam Veness and adds still more color to the Adobe data breach. Motto for the day: People, change your passwords!
As we previously reported here and here, Adobe revealed last month that it suffered a massive data breach. Initially, Adobe reported that information for 2.9 million customers was compromised. Last week, Adobe announced that attackers had stolen data on more than 38 million customers. Now, password security firm LastPass is reporting that it has uncovered data it says belongs to 152 million Adobe Systems Inc. user accounts.
Adobe spokeswoman Heather Edell responded to the claim and explained that 152 million is not an accurate number because the database that was attacked was a backup system that was about to be decommissioned. She commented that the 152 million included roughly 25 million records containing invalid email addresses and 18 million records with invalid passwords. She further noted that many of the accounts were fictitious and set up by users to gain access to free software.
Whatever the real number of breached accounts, we can be sure that the depth of this breach is still being uncovered. One positive coming out of the breach is that it has provided a snapshot of some of the most commonly used passwords, and by extension, the passwords everyone should avoid.
Based on the information that was released and Adobe's relatively simple password encryption, Jeremi Gosney, from the security firm Stricture Consulting Group, has provided a list of the top 100 most commonly used passwords released in the breach (note that this list was compiled based on the 38 million record breach and not the more recent 152 million record breach). The full list of 100 passwords can be found here, but here are the top 10 passwords:
- 123456
- 123456789
- password
- adobe123
- 12345678
- qwerty
- 1234567
- 111111
- photoshop
- 123123
This is a reminder to follow the tips for building strong passwords that were previously provided by David Sherry, Chief Information Security Officer at Brown University.
Stay tuned as this breach continues to unfold.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
