Geek News: Latest Technology, Product Reviews, Gadgets and Tech Podcast News for Geeks

If you thought the Adobe hack was bad, you should see the user data

Posted by Alan at 11:57 AM on November 9, 2013

Computer securityBy now you have likely heard of the attack on Adobe — the one that seemed to grow worse with each new bit of information. What started out sounding like a problem quickly deteriorated into disaster. Originally said to affect some three million customers, the number swelled to 38,000,000 and finally landed at 150,000,000.

But there were bigger concerns than just just that — security firm Sophos analyzed the compromised data and released a case study of its findings. The results are staggering, in terms of what it revealed about the average computer user.

Sophos lodged an almost immediate complaint regarding the situation — “One of our complaints was that Adobe said that it had lost encrypted passwords, when we thought the company ought to have said that it had lost hashed and salted passwords”, the security firm states in the report.

Then the data analysis begins. The number one password, used by 1.9 million customers, was “123456″, while “password” followed in second place. Appearing at the 25th slot on that list was “LetMeIn”. You can’t make this stuff up, folks. One user’s password hint read “try: qwerty123″, while another user cryptically stated his hint as “rhymes with assword”. The sad list goes on.

Sophos points out that “With very little effort, we have already recovered an awful lot of information about the breached passwords, including: identifying the top five passwords precisely, plus the 2.75% of users who chose them; and determining the exact password length of nearly one third of the database”.

Image Credit: Bigstock