Adobe’s database of users got hacked recently. When this was first announced, Adobe stated that the estimated number of users whose information was leaked was around 2.9 million. After the dust settled, it turned out that approximately 150 million people were affected. It’s a good idea to check and see if you are affected by this security breach.
When I first heard about this, I was surprised in two ways.
The first surprise was that the hack was made possible because Adobe did not follow standard data security protocol. Password hints (created by each user as a reminder in case the password was forgotten) were stored in plain text. And some people (those not aware of the security implications) just made the hint the same as the password – which has the same effect as having no password. And Adobe’s password creation rules allowed this. Inexcusable for any online company – but for a company the size of Adobe, it’s just unimaginable.
The second surprise was when I found out that I have an account at Adobe. I really don’t recall actually making any purchases or creating an account at Adobe.com but apparently at some time I did, because my email address was one of the ones included in the user information leak.
How to check your email against the Adobe database of leaked user data
There’s an easy way to check to see if your email address was affected. A website has been created, in which you can enter your email address. It is then compared to the 150 million emails that were leaked (along with the corresponding data) and it will tell you if your email is included in that database. Check it here. This is how simple it is:
And this is what it looks like if your email is in the list:
I changed my password to a long, secure one which is now stored safely in LastPass.
What should you do to make sure you’re safe? Two things:
1. Check your email at the link mentioned above. If your email comes up as found, go to Adobe.com and reset your password to a new, unique password.
2. If your account at Adobe.com used a password that you also used at any other website, you need to change your password at every site that uses that particular password. For example, if your email address is firstname.lastname@example.org and your password at Adobe.com was “password123”, chances are you used that same password at other sites. Those all need to be changed. It’s pretty easy for anyone who gets the data from the Adobe security breach to figure out that you probably use the same email and password for your email account, your PayPal account, your Amazon account, your eBay account, etc.
Most importantly, going forward, always use a strong password every time you create an account. By “strong” I mean one that you have not used for any other account, that is not a pronounceable word, and that is just a long series of random numbers, upper and lower case letters, and characters such as $ and &. And don’t say “But I’ll never remember that!” because you don’t have to. Let LastPass create them and remember them for you.
And for your entertainment – listed below are the top 50 most common passwords used by Adobe customers. The “Count” column is how many Adobe customers actually used that password (you can see the list of the top 100 here).
It’s kind of funny when you think about it – for example, look at #46. You know a lot of people thought, “Hey, I’m going to be pretty clever and use 1qaz2wsx as my password – bet no one else would think of that”. (To see how they came up with this, look at the pattern on your keyboard.) But in reality, 22,179 other Adobe customers had the same “original” thought. And that’s just from Adobe’s customer list. That password is most likely used hundreds of thousands of times at various places across the internet.
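As an added illustration (not part of the original post and not Adobe's code), here is a Python example of signup-time checks for two weaknesses described above: a password hint that contains the password, and keyboard-pattern passwords such as 1qaz2wsx. The function names, the simplified US QWERTY grid and the 0.7 threshold are assumptions.

```python
# Added example; function names, grid and threshold are assumptions.
# Simplified US QWERTY grid: keys are "adjacent" when row and column
# indexes each differ by at most 1 (real keyboards are staggered).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def is_keyboard_walk(password: str, min_fraction: float = 0.7) -> bool:
    """True when most consecutive characters sit on neighbouring keys."""
    pw = password.lower()
    if len(pw) < 4:
        return False
    adjacent = 0
    for a, b in zip(pw, pw[1:]):
        # Characters outside the grid (e.g. $ or &) never count as adjacent.
        if a in KEY_POS and b in KEY_POS:
            (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
            if abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1:
                adjacent += 1
    return adjacent / (len(pw) - 1) >= min_fraction


def hint_reveals_password(password: str, hint: str) -> bool:
    """True when the hint contains the password (case and spaces ignored)."""
    p = "".join(password.lower().split())
    h = "".join(hint.lower().split())
    return bool(p) and p in h


def check_signup(password: str, hint: str) -> list[str]:
    """Return the reasons a password/hint pair should be rejected."""
    problems = []
    if hint_reveals_password(password, hint):
        problems.append("hint reveals password")
    if is_keyboard_walk(password):
        problems.append("keyboard pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, hint in [("1qaz2wsx", "keyboard"), ("password123", "Password123"),
                     ("T9$hV2&kLq7x", "first pet")]:
        print(pw, "->", check_signup(pw, hint) or "ok")
```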