Facebook warns dual users of Adobe and Facebook to change passwords
Posted by: Timothy Weaver on 11/15/2013 04:59 PM [ Comments ]
Facebook, in light of the recent breach of Adobe, is using that list published by the hackers to warn its users to change their passwords.
Investigative reporter Brian Krebs reports that Facebook is proding its users who used the same email and password combinations on Adobe to not only change their passwords, but to start using the additional security questions.
A screenshot of the warning can be found here.
Facebook representative Chris Long explained:
"I work at Facebook on the security team that helped protect the accounts affected by the Adobe breach," Long explained in an email. "Brian’s comment above is essentially spot on. We used the plaintext passwords that had already been worked out by researchers. We took those recovered plaintext passwords and ran them through the same code that we use to check your password at login time.
"Like Brian’s story indicates, we’re proactive about finding sources of compromised passwords on the internet. Through practice, we’ve become more efficient and effective at protecting accounts with credentials that have been leaked, and we use an automated process for securing those accounts."
Adobe had first reported that the password data of three million customer credit card records, as well as undetermined volume of user accounts login credentials. It has since increased that total to 38 million users.
However, when the list was published or leaked, it had the contents of 150 million credentials. Leaked information includes internal ID, user name, email, encrypted password and password hints.
You can see the list of top 100 passwords here.
A screenshot of the warning can be found here.
Facebook representative Chris Long explained:
"I work at Facebook on the security team that helped protect the accounts affected by the Adobe breach," Long explained in an email. "Brian’s comment above is essentially spot on. We used the plaintext passwords that had already been worked out by researchers. We took those recovered plaintext passwords and ran them through the same code that we use to check your password at login time.
"Like Brian’s story indicates, we’re proactive about finding sources of compromised passwords on the internet. Through practice, we’ve become more efficient and effective at protecting accounts with credentials that have been leaked, and we use an automated process for securing those accounts."
Adobe had first reported that the password data of three million customer credit card records, as well as undetermined volume of user accounts login credentials. It has since increased that total to 38 million users.
However, when the list was published or leaked, it had the contents of 150 million credentials. Leaked information includes internal ID, user name, email, encrypted password and password hints.
You can see the list of top 100 passwords here.
Comments