Many of you may be aware of the revelations at the beginning of October that Adobe was the victim of a large scale intrusion into its servers. At the time the company attempted to play it down and stated that the total number of affected accounts stood at a whopping 3 million. Today however we have learned that this number was quite a long way off the mark.
So how many were affected
According to Adobe’s latest statement the total number of compromised accounts is a staggering 38 million. As well as the compromised accounts the attackers managed to access other databases on the Adobe servers and managed to take sensitive source code for several of Adobe’s products. Alongside Photoshop source code, only a small portion reportedly, they also managed to steal code for Acrobat, ColdFusion and ColdFusion Builder.
While this is a shocking development for many it might well be fare more ominous than it appears at first glance. For the company itself this hack means a great deal in terms of the loss of customer trust and also by the loss of the source code. The code taken could potentially be used to generate malicious programs that target some issues within the code of the programs in question. While this depends entirely on many different factors that cannot be quantified here it still remains a concern for some given the widespread use of these programs.
But wait, what about my personal information
Heather Edell, a spokeswoman for Adobe, has tried to reassure the public by announcing that many of the Adobe IDs that were compromised were either invalid, inactive with encrypted passwords or test accounts created by Adobe themselves. This is little comfort for some given the sheer scale of the server break in. Ms. Edell also stated that Adobe is still in the process of determining how many inactive accounts were accessed and will be notifying affected users as soon as possible.
The issue though is highlighted by discussions within the computer security community. The consensus in the security world is that the passwords associated with the accessed accounts are not as secure as Adobe has said. It would take a very short amount of time for a dedicated attacker to crack the encryption methodology used by Adobe to secure the passwords. As many users tend to use the same password for multiple services this in turn opens up the possibility of future break ins to user accounts on other platforms and services.
What can I do to keep my other accounts secure
In order to protect yourself from any potential problems caused by this attack spilling over to other services the first step that needs to be taken is to change your passwords. ideally you would never use the same password for multiple services but sadly many of us do just that for various reasons. What is needed is for people to stop overlooking security online. We would recommend not only changing your passwords right away on all other online services you use it would be a good idea to change them regularly as well. A complete password change on all services should take place as often as is reasonable but ideally once every fortnight or once monthly at least.