Adobe login credential theft

At the beginning of October, Adobe notified its customers of the theft of about 2.9 million account credentials.

To reset your Adobe password, you can visit the following site.

Today, we see that this number has expanded to 155 million accounts, and that the passwords were stored in an encrypted database.  Weaknesses are being identified in the encryption scheme, and it is widely viewed as only a matter of time before the clear text passwords are fully recoverable.

Adobe sent out an email to let people know that they needed to change there passwords.  A lot of people didn't even know they had an Adobe account, and may have ignored it entirely.  This is fine since Adobe locked out the old passwords, so their accounts couldn't be compromised.

The real issue is for people who reuse their passwords.  This practice is frequently discouraged by security professionals, but nonetheless it continues to happen.  So, although malicious hackers won't be able to break into a users Adobe account, they may try the same username and password for a Facebook account, or a banking account, or as University credentials.

So, if you have an Adobe account, and the password you used for it is in anyway related to your other passwords, now is the time to correct the situation and change your passwords.  We recommend using a password safe (a few are listed here and not re-using passwords for any sites.