Facebook advises password resets following Adobe hack

More than a month after Adobe suffered a massive security breach, Facebook is pushing users to update their password and security settings.

Though Facebook was not directly involved in the Adobe hack, the social network is taking precautions for those members who used the same email and password combination for Facebook and Adobe.

"We actively look for situations where the accounts of people who use Facebook could be at risk — even if the threat is external to our service," a Facebook spokesman said. "When we find these situations, we present messages to people to help them secure their accounts."

According to the notice shown to affected members, users must answer additional security questions and change their password.

Early last month, Adobe revealed that it had recently suffered a massive security breach that compromised the IDs, passwords, and credit card information of nearly 3 million customers, as well as login data for an undetermined number of accounts.

The organisation later amended its estimate, increasing the original number from nearly 3 million to 38 million.

Facebook security engineer Chris Long chimed in on Krebs's blog, offering behind-the-scenes clarity about the situation:

"We used the plaintext passwords that had already been worked out by researchers," he explained. "We took those recovered plaintext passwords and ran them through the same code that we use to check your password at login time."

"We're proactive about finding sources of compromised passwords on the Internet. Through practice, we've become more efficient and effective at protecting accounts with credentials that have been leaked, and we use an automated process for securing those accounts," Long said.
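A minimal sketch of the kind of check Long describes, as an added example that is not Facebook's code: recovered plaintext passwords from a third-party dump are run through a site's own login verifier, and any account that still accepts one is flagged for a forced reset. The storage layout, the PBKDF2 parameters, and all names and sample data here are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash of the kind a site stores instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_record(password: str) -> dict:
    """Create a stored account record with a fresh per-user salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "force_reset": False}


def check_login(record: dict, candidate: str) -> bool:
    """The normal login-time check: rehash the candidate and compare in constant time."""
    return hmac.compare_digest(hash_password(candidate, record["salt"]), record["hash"])


def flag_reused_credentials(accounts: dict, leaked_pairs: list) -> list:
    """Run leaked (email, plaintext) pairs through check_login and flag matches.

    The leaked plaintext is only ever compared against our own salted hashes;
    nothing from the dump is stored.
    """
    flagged = set()
    for email, plaintext in leaked_pairs:
        key = email.strip().lower()          # normalise before lookup
        record = accounts.get(key)
        if record is None:
            continue                         # leaked address has no account here
        if check_login(record, plaintext):
            record["force_reset"] = True     # challenge the user at next login
            flagged.add(key)
    return sorted(flagged)


# Constructed sample data: local accounts and pairs recovered from an external dump.
ACCOUNTS = {
    "alice@example.com": make_record("123456"),
    "bob@example.com": make_record("correct horse battery staple"),
}
LEAKED = [
    ("Alice@example.com", "123456"),    # same password reused on both services
    ("bob@example.com", "hunter2"),     # leaked password differs from the local one
    ("nobody@example.com", "123456"),   # no local account
]
```

Because each stored hash has its own salt, the check has to be run per account through the verifier; the leaked plaintext cannot simply be looked up in the stored table.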

Additionally, Krebs reported on Monday that Adobe appears to have used a single encryption key to scramble all of the leaked user credentials. If so, anyone able to recover Adobe's decryption key would gain immediate access to every password in the database.

Last week, analysts examining the data dump pulled from Adobe's servers by hackers revealed that "123456" tops the most-used password list.