First and foremost, this is Veterans' Day in the US. Let's take a moment to thank all of those who served and who still serve, and honor the memory of those who gave their all. Businesses are offering special deals to veterans today -- nice gesture, but let's remember them everyday. Thank you for your service.
Now, back to the business of privacy.
Today's entry is by Mintz Levin's Adam Veness and adds still more color to the Adobe data breach. Motto for the day: People, change your passwords!
As we previously reported here and here, Adobe revealed last month that it suffered a massive data breach. Initially, Adobe reported that information for 2.9 million customers was compromised. Last week, Adobe announced that attackers had stolen data on more than 38 million customers. Now, password security firm LastPass is reporting that it has uncovered data it says belongs to 152 million Adobe Systems Inc. user accounts.
Adobe spokeswoman Heather Edell responded to the claim and explained that 152 million is not an accurate number because the database that was attacked was a backup system that was about to be decommissioned. She commented that the 152 million included roughly 25 million records containing invalid email addresses and 18 million records with invalid passwords. She further noted that many of the accounts were fictitious and set up by users to gain access to free software.
Whatever the real number of breached accounts, we can be sure that the depth of this breach is still being uncovered. One positive coming out of the breach is that it has provided a snapshot of some of the most commonly used passwords, and by extension, the passwords everyone should avoid.
Based on the information that was released and Adobe’s relatively simple password encryption, Jeremi Gosney, from the security firm Stricture Consulting Group, has provided a list of the top 100 most commonly used passwords released in the breach (note that this list was compiled based on the 38 million record breach and not the more recent 152 million record breach). Here are the top 10 passwords:
This is a reminder to follow the tips for building strong passwords that were previously provided by David Sherry, Chief Information Security Officer at Brown University.
Stay tuned as this breach continues to unfold.