November 6, 2013

Adobe passwords revealed

Are you amongst the clever folk who used 123456?

By Cbr Rolling Blog

Following the news that Adobe’s network was breached by hackers who gained access to customer databases, including the details of around 3 million users, a security expert has unveiled the most widely used passwords for accounts.

Unsurprisingly, you don’t even need to be a hacker to work out some of them, with ‘123456’ coming in as the most used, followed by ‘123456789’, ‘password’, and even ‘qwerty’ getting in there.

Jeremi Gosney, who trawled through the database of password cipher text in just three hours, said that: "The password hints were the most telling. An overwhelming number of people took the concept of a password hint too literally, and flat-out provided the password itself as the hint.

"By analysing thousands of password hints per ciphertext, and matching that information with what we know about the ciphertext thanks to ECB mode, we are able to determine a number of passwords with a reasonable degree of certainty. It took about three hours to determine what the top 100 passwords were with this method."

Security expert Graham Cluley said that: "The truth is that, in a screw-up of colossal proportions, Adobe didn’t protect the password data with a one-way cryptographic hashing algorithm.

"Instead, Adobe encrypted its password data with Triple DES (3DES) in ECB mode – an incredibly poor choice because it always produces the same output if you feed it the same input.

"In short, if you happened to choose the same password as someone else, Adobe will have been storing the byte-for-byte same encrypted ciphertext version of the password for each user.


"Furthermore, the leaked database included users’ plaintext password hints, helping to reveal what the most commonly used passwords were."

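The storage weakness described in the quotes above, as an added example that is not from the article or from Adobe: a small audit that checks whether a credential table stores identical bytes for identical passwords, run against a deterministic scheme and against per-account salted PBKDF2. The key, the sample accounts and all function names are constructed, and the deterministic scheme is modelled with HMAC-SHA256 as a stand-in for 3DES in ECB mode, since only the same-input-same-output property matters here.

```python
import hashlib
import hmac
import os
from collections import Counter

KEY = b"constructed-demo-key"  # constructed; models one site-wide encryption key

def deterministic_store(password):
    # Stand-in for keyed, unsalted, deterministic storage (HMAC-SHA256 here,
    # not 3DES): the same password under the same key gives the same bytes.
    return hmac.new(KEY, password.encode(), hashlib.sha256).digest()[:8]

def salted_hash_store(password, iterations=100_000):
    # One-way storage with a fresh random salt per account.
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify_salted(password, stored, iterations=100_000):
    # Recompute with the stored salt and compare in constant time.
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

# Constructed sample accounts: (user, password, hint)
ACCOUNTS = [
    ("u1", "123456", "123456"),
    ("u2", "123456", "numbers"),
    ("u3", "qwerty", "top row"),
    ("u4", "123456", "one to six"),
    ("u5", "correct horse", ""),
]

def shared_values(store, accounts=ACCOUNTS):
    """Map each stored value held by more than one account to the plaintext
    hints stored beside it, i.e. what the table exposes without any key."""
    rows = [(store(pw), hint) for _, pw, hint in accounts]
    counts = Counter(value for value, _ in rows)
    return {v: [h for sv, h in rows if sv == v]
            for v, n in counts.items() if n > 1}

if __name__ == "__main__":
    for name, store in (("deterministic", deterministic_store),
                        ("salted PBKDF2", salted_hash_store)):
        groups = shared_values(store)
        print(f"{name}: {len(groups)} shared stored value(s)")
        for value, hints in groups.items():
            print(f"  {value.hex()} -> hints {hints}")
```

An empty result from `shared_values` is the property to look for in a real credential store: no two accounts share a stored value, so one user's hint says nothing about another user's password.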

 
