Adobe hack might be worse than thought: Report

A few weeks ago Adobe warned customers they had to change passwords to their accounts because sophisticated attacks on its network accessed customer information of some 2.9 million people as well as source code for a number of products.

The data include names, encrypted credit or debit card numbers. At this point, the notice said, Adobe didn’t believe unencrypted data was removed. Customers were told they’d have to change their passwords, just to be safe.

But according to a report in Ars Technica, Adobe made a mistake in the way it held customer passwords: It used reversible encryption on the stolen customer file, meaning that thieves could unscramble the encryption and access the data.

By contrast best practices call for stored passwords to be protected by one-way cryptographic hashing algorithms, the article says.

Author Dan Goodin acknowledges breaking the encryption won’t be easy, he quotes one expert as saying  hackers may have one thing going for them in the way Adobe did the encryption.

The article does quote Adobe saying the authentication system attacked was a backup system, not a newer system that uses other security techniques.

One lesson for those responsible for IT security is to make sure your organization is following best practices.

Read the whole article here

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web