The data breach at Adobe Systems Inc. is turning out to be worse than previously reported. Back in early October, Adobe announced that approximately 3 million accounts were compromised and that these “sophisticated” attacks accessed customer IDs, encrypted passwords, and other personally identifiable information. Additionally, Adobe announced that source code from multiple products had been stolen, including Adobe Photoshop, the widely popular tool for photographers. Fast forward a couple of weeks and the actual amount of compromised accounts is more than 13 times the original 3 million. That’s over 38 million Adobe accounts.
To the casual reader it would appear that since the passwords were encrypted, everything would be fine. But unfortunately, that is not the case. According to Marcus Carey, a former investigator with the National Security Agency, the Adobe attackers may have been able to access them in plain text by one of several methods, including breaking the algorithm that Adobe used to scramble them. (From http://www.reuters.com/article/2013/10/29/us-adobe-cyberattack-idUSBRE99S1DJ20131029)
And since many people use the same password for multiple accounts, including accessing their workstation via Active Directory, you need to wonder “is the rest of my (and my organization’s) sensitive information safe?”
As we wait for Adobe to complete their investigation on this data breach, hopefully, other organizations take note of this event. Regardless, STEALTHbits is here and ready to answer your questions on how to discover and govern access to your organization’s most critical digital assets. Contact Us today!