Another day, another major security breach

Adobe announced a major security breach earlier this week when 3 million customer ID’s and encrypted passwords were stolen prompting them to reset passwords on all those compromised accounts.

To their credit Adobe were quick to act to minimise the risk of the stolen data being used to access their customer accounts, but the larger problem for users is where else have those combinations of ID and password been used? Adobe’s own statement said: “We also recommend that you change your passwords on any website where you may have used the same user ID and password”, but of course this is easier said than done when the vast majority of users stick to the same password across numerous sites.

Whether this stolen data will ever be used to gain access to other systems or services is a point for conjecture, but a strategy of hope for the best, plan for the worst is always prudent. We have certainly changed all our corporate Adobe account passwords today.

Two step verification methodologies like IP verification can remove some of the danger, but a sensible policy on password resets is something that all businesses and users should consider.

Tags: Blog Jobs