Privacy Monday – November 11, 2013

First and foremost, this is Veterans’ Day in the US. Let’s take a moment to thank all of those who served and who still serve, and honor the memory of those who gave their all. Businesses are offering special deals to veterans today — here’s a good list. Nice gesture, but let’s remember them everyday. Thank you for your service.

Now, back to the business of privacy.

Today’s entry is by Mintz Levin’s Adam Veness and adds still more color to the Adobe data breach. Motto for the day:  People, change your passwords!

As we previously reported here and here, Adobe revealed last month that it suffered a massive data breach.  Initially, Adobe reported that information for 2.9 million customers was compromised.  Last week, Adobe announced that attackers had stolen data on more than 38 million customers.  Now, password security firm LastPass is reporting that it has uncovered data it says belongs to 152 million Adobe Systems Inc. user accounts.

Adobe spokeswoman Heather Edell responded to the claim and explained that 152 million is not an accurate number because the database that was attacked was a backup system that was about to be decommissioned.  She commented that the 152 million included roughly 25 million records containing invalid email addresses and 18 million records with invalid passwords.  She further noted that many of the accounts were fictitious and set up by users to gain access to free software.

Whatever the real number of breached accounts, we can be sure that the depth of this breach is still being uncovered.  One positive coming out of the breach is that it has provided a snapshot of some of the most commonly used passwords, and by extension, the passwords everyone should avoid.

Based on the information that was released and Adobe’s relatively simple password encryption, Jeremi Gosney, from the security firm Stricture Consulting Group, has provided a list of the top 100 most commonly used passwords released in the breach (note that this list was compiled based on the 38 million record breach and not the more recent 152 million record breach).  The full list of 100 passwords can be found here, but here are the top 10 passwords:

  1. 123456
  2. 123456789
  3. password
  4. adobe123
  5. 12345678
  6. qwerty
  7. 1234567
  8. 111111
  9. photoshop
  10. 123123

This is a reminder to follow the tips for building strong passwords that were previously provided by David Sherry, Chief Information Security Officer at Brown University.

Stay tuned as this breach continues to unfold.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz Levin - Privacy & Security Matters | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.