Adobe hack much worse than previously thought (x2)

DazJW

I've started a new thread for this rather than continuing a previous one because the situation has changed in a way that requires more people's attention and it won't get that with a bumped thread.

Adobe originally said data for around 3 million accounts had been hacked. Then they upped this to 38 million.

There's now a database online which contains 150 million accounts' worth of data (Source) and to make matters worse it's stored in a very alarming way - including passwords in poor, repeated encryption and password hints in plain text (Source). There's speculation in that second article about whether credit card information might be equally poorly handled and a comment at the end of the article from someone about suspicious activity on their credit card which suggests it has been.
It's also likely that the 150 million account database is only a partial disclosure of what was retrieved so it's best to assume every account has been compromised even if you haven't had communication from Adobe or got a hit on your e-mail address using the LastPass checker.

If you have, or have ever had, an Adobe account you need to change the password of that account and the password of every single other account that uses that password immediately regardless of whether Adobe has notified you or not. If Adobe had your credit card details you need to monitor your statements very carefully or terminate the card and get a new one.
 
Wow, that's gone up even more. Read an article earlier in the week that said 38m!

I changed my password as a precaution anyway, even though I've changed email addresses (not that Adobe handles those in a particularly graceful manner, both of my email addresses appear to be linked with the account somehow and I can't de-link them). I checked to see if my email address had been compromised (Lastpass have a form that allows you to check) - the old one has, the new one hasn't. :/

Messy frankly, and not terribly well communicated either (Sony were crucified a couple of years back for an arguably less substantial breach). The last thing they needed when trying to convince people to migrate to the cloud.
 
Wow, that's gone up even more. Read an article earlier in the week that said 38m!
And often these database releases are only part of what's been taken so I'd expect the number to keep rising.

I have used them for download trials, but it's been a while. Do you think I would be ok?
Unless Adobe actively removes older accounts, your account had been inactive long enough to fall under that hypothetical culling system and you trust Adobe to have removed your data in that event you should act as if your email and password combination are compromised.
 
And often these database releases are only part of what's been taken so I'd expect the number to keep rising.


Unless Adobe actively removes older accounts (and your account had been inactive long enough to fall under that hypothetical culling system) you should act as if your email and password combination are compromised.

Thanks, just tried. They tell me they have sent me an e-mail.

Opened the e-mail and it said change password with link, but no link in e-mail :confused:
 
When on my information page, during the loading period, I can see a list of my details at the top, i.e. personal profile, address book, payment options, whilst it's loading (faded). But once loaded, it doesn't show payment options. I want to delete those payment details. Any ideas?

kev.
 
Adobe need prosecuting for this. Big fine and a serious kick up the backside. It's unacceptable.
 
When on my information page, during the loading period, I can see a list of my details at the top, i.e. personal profile, address book, payment options, whilst it's loading (faded). But once loaded, it doesn't show payment options. I want to delete those payment details. Any ideas?

kev.
Go to your profile. I just deleted my credit card from personal details. HTH, Mike
 
Update: just checked. Go to My Adobe under your name, then edit details in personal profile. HTH, Mike
 
Update: just checked. Go to My Adobe under your name, then edit details in personal profile. HTH, Mike


Thanks Mike,
That's the odd thing. It doesn't show any payment details. It should be the next section under my address details. But it's not there. :thinking: I have bought CS5 from them in the past. Strange.

Kev.
 
The last time a website was hacked and the password lists published (about 4 years ago) that gave the password hackers an insight into password trends and allowed them to refine their attacks. That was only 4 million passwords.

Imagine what will happen with the latest password trends and 38 million passwords...
 
That's exactly where I deleted them from, and the panel vanished as I confirmed delete. Sounds like they don't have your details anymore, weird.
 
Thanks Mike,
That's the odd thing. It doesn't show any payment details. It should be the next section under my address details. But it's not there. :thinking: I have bought CS5 from them in the past. Strange.

Kev.
Quick update, Kev: just checked and edited my account, as the shipping address had been checked "send to a different address". Still my details, but it had changed; it always said ship to same as billing.
 
This is absolutely terrible by Adobe.

From a personal perspective I am glad I only signed up for a CC trial which didn't require payment details.

I am also glad that I decided some time ago to start using 1Password which meant that the password I used was completely unique.
 
I'm glad I bought lr4 and cs6 from Amazon and didn't have to give adobe my card details.

I wonder if the hackers would be so good as to remind me of my p word so I can change it :)
 
I had the email from Adobe advising me to change my password as my account may have been compromised. I did so immediately. A couple of weeks later I received a call from my bank's fraud dept. They suspected my debit card had been hacked (though nothing amiss) and I had to have it replaced. Can only assume it was something to do with Adobe.
 
Terrible state of affairs for Adobe. When I got the emails from Adobe I changed things straightaway, including my credit card.

I normally renew my passwords at all places that hold details for me every 1-2 months anyway.
 
Thanks, just tried. They tell me they have sent me an e-mail.

Opened the e-mail and it said change password with link, but no link in e-mail :confused:

Click on these words in your email "this link" and all will be revealed!
 
This is why I never put down full details with registration. The only stuff I register fully is things like A) Canon photographic equipment and B) Apple equipment for warranty purposes. Adobe can jog on imho. I use their software but I don't want them to know the ins and outs of my life. I suppose the most severely affected are those who have registered for the cloud side of things. How come when Sony were hacked, they were quick about fixing it and rewarded customers for the inconvenience, and made a public worldwide apology? Considering Adobe are the market leaders for art / media / photographic software you would think they would step up and say something :D
 
To all those who have deleted their Adobe details...

Do you really think that the details haven't been backed up by the hackers? The stable door may be bolted but the horse is over the hills and far away by the time you deleted.
 
I had the email from Adobe advising me to change my password as my account may have been compromised. I did so immediately. A couple of weeks later I received a call from my bank's fraud dept. They suspected my debit card had been hacked (though nothing amiss) and I had to have it replaced. Can only assume it was something to do with Adobe.

That sort of thing is rife.
 
Apparently you can check if your email is one of those hacked here: : https://lastpass.com/adobe
I don't think anyone should rely on this. It only checks if your email address is in the database that was released (it doesn't mean there isn't a bigger database sitting on the hacker's HDD) and given how the number of people affected has increased twice already it may well increase again.
People have also reported that they've tried email addresses which have never been registered to Adobe and have been told they were in the hack too.

The only sensible thing to do is assume every email, password and credit/debit card associated with an Adobe account was taken and that someone could be logging into any of your accounts that use the same password as your Adobe account, or buying something with your card, right now.
 
I don't think anyone should rely on this. It only checks if your email address is in the database that was released (it doesn't mean there isn't a bigger database sitting on the hacker's HDD) and given how the number of people affected has increased twice already it may well increase again.
People have also reported that they've tried email addresses which have never been registered to Adobe and have been told they were in the hack too.

The only sensible thing to do is assume every email, password and credit/debit card associated with an Adobe account was taken and that someone could be logging into any of your accounts that use the same password as your Adobe account, or buying something with your card, right now.

Yes, not to be relied on, or even trusted as far as I'm concerned.

Just tried 2 freshly registered emails I have from domains I've had registered and they all appear on the hacked Adobe DB. Highly improbable I think.

"Your Adobe account was one of the ones that was compromised.

Your email address and encrypted Adobe password were found in the list of stolen Adobe accounts.

Did you know that 1 other people used the same password as you did for their Adobe account? Hackers have their password hints and can use them to guess your password too!

We have sent an email to xxxxxx@xxxxxx.xxx with instructions on how to obtain your Adobe password hint as well as everyone else's password hint who used the same password.

We strongly urge you to follow our recommendations and immediately change your Adobe and related passwords!!"
 
Companies like lastpass.com must love stuff like this.

I wonder how many emails they harvest for themselves and what they do with them
I'm not sure they'd need to harvest them through their form when they're all in a publicly released database already.

For what it's worth when I checked mine on LastPass it gave me a password hint that corresponded to the password I was using back when the Adobe site actually had a password hint.

It is disgusting though that this has happened given their position in the software market.

They can't really hack-proof themselves but the way the information was (and presumably still is) stored is appalling. They pretty much asked for it to happen with the Creative Cloud change too.
 
For what it's worth when I checked mine on LastPass it gave me a password hint that corresponded to the password I was using back when the Adobe site actually had a password hint.

Me too and mine was so unbelievably 'vague' to anyone but me that it had to be genuine.
Although Lastpass do stand to gain from anyone taking up their paid service, by far the majority are going to use their free service, so their gain is probably a lot less than the total value/benefit of the service they provide :shrug:
 
Mine was one of the hacked email accounts which is a bummer.

Luckily a Nigerian prince wants to give me $2 million to help smuggle funds out of the country, so that's made up for it.
 
I have tried to change my password, but the link in the e-mail Adobe sent me won't work, it's missing :bang:
 
I'm not sure they'd need to harvest them through their form when they're all in a publicly released database already.

For what it's worth when I checked mine on LastPass it gave me a password hint that corresponded to the password I was using back when the Adobe site actually had a password hint.



They can't really hack-proof themselves but the way the information was (and presumably still is) stored is appalling. They pretty much asked for it to happen with the Creative Cloud change too.
But this might be seen as a more 'legal' and 'ethical' way to do it rather than just steal them.
 
I changed my password, no problem. I CANNOT change my card details though online. I have tried for over a week now. I just keep getting a screen saying there is a problem their end. I tried the online chat, he told me how to do it and directed me to the same screen I had been using for over a week. He then asked which browser I was using. One that didn't have a problem signing up and giving you my details in the first place. He then said there was a problem and advised I phone customer 'care'. I use the word 'care' loosely. I tried and got nothing. Tried again and got Germany because I was on hold so long. The German chap advised I ring back in an hour. I gave up until today. I have now had an email saying my last payment would not go through. Erm, that's because my bank cancelled the card that was registered with Adobe when they discovered the details had all been hacked!!

I have rung again now 3 times, been cut off once and been on hold for a total of 32 minutes (and counting, still on hold)....oh wait....an answer! Will update soon.........

Finally managed to speak to someone who apologised profusely, however, when he put my new card details in, guess what, the bank stopped it!!! AGH!! I was advised to ring the bank. I have done, they have now unblocked my card and I can ring adobe again. Currently on hold (again). Apparently my bank stops a lot of online transactions. The only reason I got a credit card was for online and when I am abroad.

To top it off, I updated to OSX Mavericks which isn't fully compatible with Lightroom 4 that I bought, so now, if I want full functionality of the software I use the most, I have to pay £57 for an upgrade to Lightroom 5.

I have wasted a long time now trying to sort this out.

Adobe are officially the worst company I have ever had to deal with.
 
The joys of security :D
 
From what I've heard the passwords were encrypted in batches and some users had set their password hint to "The Password is xxxxxxxxxxxxxx".

Plaintext and the crypto message stored in the same database.
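
The storage problem described in this thread, as an added example that is not part of the original posts: when every password goes through the same unsalted transformation, accounts that share a password share a stored value, so their plain-text hints can be pooled. The accounts, key and function names below are constructed, and a keyed HMAC stands in for the single-key encryption (only the "same input, same output" property matters here); the salted PBKDF2 variant shows the corrected design.

```python
import hashlib
import hmac
import os
from collections import defaultdict

SITE_KEY = b"constructed-demo-key"   # assumption: one key shared by every row
ITERATIONS = 600_000                 # PBKDF2-HMAC-SHA256 work factor

def deterministic_store(password):
    # Stand-in for unsalted single-key encryption: equal inputs give equal outputs.
    return hmac.new(SITE_KEY, password.encode(), hashlib.sha256).digest()

def salted_store(password):
    # Per-account random salt plus a slow KDF: equal passwords no longer collide.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_salted(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def repeated_values(rows):
    """Audit check: group (user, hint) pairs whose stored credential repeats."""
    groups = defaultdict(list)
    for user, stored, hint in rows:
        groups[stored].append((user, hint))
    return [members for members in groups.values() if len(members) > 1]

# Constructed sample accounts: (email, password, plain-text hint)
ACCOUNTS = [
    ("alice@example.com", "correct horse", "xkcd"),
    ("bob@example.com", "correct horse", "battery staple comes next"),
    ("carol@example.com", "tr0ub4dor", "the other xkcd one"),
]

def audit(store):
    # Build the credential table with the given scheme, then look for repeats.
    rows = [(user, store(pw), hint) for user, pw, hint in ACCOUNTS]
    return repeated_values(rows)

if __name__ == "__main__":
    print("deterministic scheme, pooled hints:", audit(deterministic_store))
    print("salted scheme, pooled hints:", audit(salted_store))
```

Running `repeated_values` over a real credential table is a quick storage audit: any non-empty result means the scheme is deterministic and hints or other per-user metadata can be correlated across accounts.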
 