Adobe Security Breach
Adobe Systems, one of the big computer application and software firms, revealed on
3rd October 2013 that one of the biggest security breaches in its history had occurred. Adobe's
security officer revealed that in the breach, hackers managed to get access to most of the Adobe
software and services, but especially to the Acrobat PDF document-editing software and the
ColdFusion web application. Adobe also revealed that the hackers stole parts of the source code
to Photoshop, its popular picture-editing program. Adobe Systems reported that the data of about
2.9 million customers had been stolen from its website. This includes names and contact details
as well as credit and debit card details. The information could allow programmers to analyze how
Adobe's software works and copy its techniques. Later on, Adobe Systems reported that the number
of users whose data was compromised was not 2.9 million but actually 38 million, which makes it
one of the biggest security breaches in history. The diverse customer base of Adobe was reflected
in the database. Analysis found 234,379 military and government email addresses, encrypted
passwords and password hints in the compromised database. Of the 38 million accounts involved in
the breach, over 2 million were related to educational institutions. Among the compromised
accounts, more than 6,000 were from defense contractors such as Raytheon, Northrop Grumman,
General Dynamics and BAE Systems. On the federal side, 433 FBI accounts, 82 NSA accounts and
5,000 NASA accounts were compromised in the breach.

This breach also created panic among other big online companies such as Facebook, which
immediately alerted its customers after the incident. People often use the same password on two
or more websites, and Facebook suspected that some of its users had the same password they were
using on the Adobe Systems website. Many other websites did the same by alerting their users to
the security breach.

Adobe's Bad Security Record - Possible reason for the security breach
In the last five to six years Adobe has faced one problem or another related to cyber security.
This is evidence that the cyber security of Adobe Systems was not good enough. Their website was
always vulnerable and nothing significant was done to stop that. Adobe Systems certainly needed
to improve its cyber security years ago.
2007 - Adobe Reader bug allowed hackers access to all the files on people's computers.
2008 - More than 1,000 hacked websites infected computers by delivering fake Flash Player updates that posed as CNN news notifications.
2009 - Vulnerability in Reader let hackers open back doors into people's computers.
2010 - Attackers created malicious PDF attachments to hack into several companies, including Adobe, Google and Rackspace.
2011 - Bug gave hackers remote access to people's computers, this time in Flash Player.
2012 - Hackers gained access to Adobe's security verification system by tapping into its internal servers.

Adobe Flash Player and Acrobat Reader, both products of Adobe Systems, stood in second place in
a list of the most vulnerable programs of the Fortune 500 companies in 2009. Adobe Reader then
topped the annual list of vulnerable programs in 2010, and Adobe Flash Player did the same in
2012. Therefore, the recent security breach at Adobe Systems should not be a surprise to anyone,
although it is one of the biggest breaches in Adobe's history as well as in cyber security
history. Because its products are so widely used, Adobe has become a target for a large number
of bad guys. Adobe's security history suggests that the organization has to take a long, hard
look in the mirror.

Checking whether your account was a part of the Adobe security breach and creating a
safe password
Lookout, a security firm, has provided some steps for checking whether your account was a part
of the Adobe security breach, and for creating and changing your password as required. The
following steps will help in managing your password while dealing with the Adobe security breach:

1. The first step is to visit https://lastpass.com/adobe/ to check whether your account was a
part of the security breach. Enter your email id and the site shows the result by comparing it
with the list of compromised accounts.
2. If you don't remember whether you ever created an account with Adobe, try to confirm it and
reset your password, because many of the compromised accounts were inactive accounts. This can be
done from the following link: https://www.adobe.com/go/passwordreset
3. Change any passwords that are the same as your Adobe password. Otherwise there is a high
probability that someone who got your Adobe password in the breach will easily be able to log in
to the other accounts where you use the same password.
4. Setting a password that is unique, complex and not easy to guess is a good way to deal with
such issues. Never using the same password for two or more accounts is also a good practice for
staying safe.

Cause Effect Analysis of Adobe Security Breach
A cause-effect diagram of the Adobe security breach, given by Selil, a cyber-security firm,
explains how the breach was connected to people, process & policy, technology, processing,
transmission and storage, and how it had a significant impact on all of these.

How it happened: Breaking of passwords was easy on Adobe
It came to light that one out of every six passwords was easily breakable because of the way
Adobe used hashing, which mashed up the user's password with a mathematical algorithm. The
company did not apply the level of security required to keep the passwords from being broken
easily. The hashed version of a password, along with the associated email id, could be searched
for on the internet to list the people who were using the same password. There were hundreds of
users who were using the same password. It was found that some accounts had a Social Security
Number (SSN) as their password. There were thousands of instances in which people wrote a
password hint such as "same as Facebook" or "same as bank account". Brian Krebs, an
investigative reporter, said that it seems Adobe did not put much effort into protecting its
customers' precious information. He also said that most organizations, including the larger
ones, are still relying on older approaches to security to protect the passwords of their
customers.

What went wrong - probably the 16 characters - Passwords cannot protect us anymore

Adobe did not bring its password protection up to industry standards, and hackers were able to exploit that. In addition, the users' password hints were stored in clear text alongside the passwords.
The hints used were really weak and easily exploitable by third parties.
Hints made the discovery of passwords easy not only for the Adobe account but for other websites as well.
Using passphrases or long passwords makes it difficult for hackers to break in.
The same password should not be recycled across multiple places, to avoid accounts being hacked.
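
The storage weakness described in the two sections above, shown as an added example that is not part of the original document and is not Adobe's code. The accounts are constructed sample data, unsalted SHA-256 stands in for any deterministic storage scheme, and the PBKDF2 iteration count is an assumed setting.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real breach data): (email, password, hint).
SAMPLE_ACCOUNTS = [
    ("alice@example.com", "123456", "same as facebook"),
    ("bob@example.com", "123456", "numbers 1 to 6"),
    ("carol@example.com", "correct horse battery", "comic strip"),
    ("dave@example.com", "123456", "count to six"),
]

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your own hardware


def store_unsalted(password):
    """Weak scheme: deterministic, so equal passwords give equal stored values."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_salted(password):
    """Stronger scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{salt.hex()}${digest.hex()}"


def verify_salted(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_table(accounts, scheme):
    """Simulate the credential table a site would hold under a given scheme."""
    return [(email, scheme(password), hint) for email, password, hint in accounts]


def audit(table):
    """Return groups of accounts whose stored password values are identical.

    Any non-empty result means the scheme is deterministic: one recovered
    password (or one revealing clear-text hint) exposes the whole group.
    """
    groups = defaultdict(list)
    for email, stored, hint in table:
        groups[stored].append((email, hint))
    return {stored: members for stored, members in groups.items() if len(members) > 1}


if __name__ == "__main__":
    for name, scheme in (("unsalted", store_unsalted), ("salted", store_salted)):
        clusters = audit(build_table(SAMPLE_ACCOUNTS, scheme))
        print(name, "->", len(clusters), "cluster(s) of identical stored values")
        for members in clusters.values():
            for email, hint in members:
                print("   ", email, "| hint:", hint)
```

In the unsalted table every hint in a cluster describes the same password, which is how clear-text hints compound weak storage; with a per-user salt the same audit finds no clusters.
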
Adobe Systems tried to notify each individual customer by email about the breach and
recommended that they change their password. However, it is doubtful that all Adobe users
changed their password just because of the email notification. There are two possibilities:
first, the email might have been filtered as spam, and second, it might have been disregarded
as a phishing message.

Impact: People who were using the same password for other accounts related to banking, social
media, etc. might be at risk. If that happens, it may lead to anything from fraudulent banking
transactions and illegal activity on social media in someone else's name to damage to your
social and personal life.

Steps taken by Adobe Systems after the breach
Brad Arkin is the Chief Security Officer and spokesperson for Adobe Systems. He apologized on
behalf of the organization and made an important customer security announcement. These kinds of
cyber-attacks are a harsh reality of doing business today. He also expressed regret to
customers whose confidential data or credit/debit card information had been stolen. Some of
the steps taken by the organization are:

As a precaution, the passwords of all the relevant customers were reset, in order to avoid any further unauthorized access to the accounts of the valuable customers.
Customers whose accounts were involved in the breach will be notified by email with instructions for how to reset the password. Adobe Systems also recommended changing the password of any account that has the same password as the Adobe account, to be on the safer side.
Adobe is also in the process of informing the customers whose debit or credit card information was involved in the breach. Any such customer will receive a notification letter from Adobe with additional steps, beyond the password reset, for protecting the account against misuse of that information. Apart from this, the option of enrolling in a one-year complimentary credit monitoring membership was made available to customers whose credit or debit card information was involved. This was one of the crucial steps taken by Adobe to regain its customers' trust.
Adobe has also notified the banks that process payments for it, so that they can work with the payment card organizations as well as the banks to protect their customers' accounts.
Adobe Systems has also contacted federal law enforcement and is assisting them in investigating the breach.

Recommendations
Following are some general recommendations in response to the Adobe security breach:

1. Reset your Password
People who have the same password for Adobe and some other accounts are highly recommended to
change their password(s) at the earliest. People who don't have a similar password elsewhere
should also change their Adobe password to be on the safer side. When changing the password,
instead of using the email notification, try resetting it directly from the website, which is
much safer.

2. Using LastPass Tool
An online tool created by a security firm named LastPass has made it easy to check whether your
Adobe account is a part of the security breach. You just need to enter your email id, and within
a few seconds you will know whether you are a part of the breach or not.

3. Never reuse your password
Passwords should not be reused, i.e. never use the same password for two or more accounts on
internet services. If you use the same password for two or more accounts, chances are that if
any one of your accounts is compromised, the others may also be compromised in no time. The best
practice is to use a different password for each account. It is difficult to do so if you have
numerous accounts online, but it is the ideal.

4. Create a Strong Password
Creating a strong password is highly recommended, as it is not easy to guess and probably may
not be compromised easily. Always create the strongest password possible within the guidelines
of the individual website. Each website can have its own rules about the passwords it accepts,
so strong passwords need to be created by following those rules.

5. Unique Password Hint
The password hint used for recovery of the password should be unique, so that it can be
understood only by the user. It should not be something like "same as Facebook", a pet's name,
etc., because that kind of password hint makes it easy for hackers to guess the password. In
Adobe's case as well, many of the passwords were compromised based on the hint.

6. Passphrases
Passwords should be at least 13 characters long; a phrase can be used instead of a single word.
Using passphrases makes it difficult for hackers to identify the passwords, and hence the breach
will not happen. Also, the longer the password, the better protected you are from hacking.

References

1. Pagliery Jose, Adobe has an epically abysmal security record, October 8, 2013,
http://money.cnn.com/2013/10/08/technology/security/adobe-security
2. Threat to Computer Accounts Due to Adobe Security Breach, Champsupport, November 15, 2013,
http://champsupport.wordpress.com/2013/11/15/alert-threat-to-computer-accounts-due-toadobe-security-breach
3. Samuel Liles, 2013 Adobe Data Breach (on going analysis), November 4, 2013,
http://selil.com/archives/4938
4. Ken Westin, Adobe Breach compromised 234,379 military and government accounts, Nov 13, 2013,
http://www.tripwire.com/state-of-security/vulnerability-management/adobe-data-breach-compromised-234379-military-government-accounts/
5. Lookout, Security Alert: Adobe Password Breach, November 12, 2013,
https://blog.lookout.com/blog/2013/11/12/security-alert-adobe-password-breach
6. Adobe hack: At least 38 million accounts breached, 30 October 2013,
http://www.bbc.co.uk/news/technology-24740873
7. Brad Arkin, Chief Security Officer, Important Customer Security Announcement,
http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
8. Michael York, Adobe's security breach and the impact to you, November 21, 2013,
http://www.postmanmojo.com/blog/adobes-security-breach-impact
9. Jay Nancarrow, Facebook Warns Users After Adobe Breach, November 13, 2013,
http://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach
10. Nick Bilton, Adobe Breach Inadvertently Tied to Other Accounts, November 12, 2013,
http://bits.blogs.nytimes.com/2013/11/12/adobe-breach-inadvertently-tied-to-otheraccounts

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

Adobe Security Breach

Adobe Systems, one of the large computer application and software firms, revealed on 3rd October 2013 that one of the biggest security breaches in its history had occurred. Adobe's security officer revealed that in the breach, hackers managed to get access to most Adobe software and services, but especially to the Acrobat PDF document-editing software and the ColdFusion web application. Adobe also revealed that the hackers stole parts of the source code to Photoshop, its popular picture-editing program. Adobe Systems reported that the data of about 2.9 million customers had been stolen from its website. This includes names and contact details, as well as credit and debit card details. The information could allow programmers to analyze how Adobe's software works and copy its techniques. Later on, Adobe Systems reported that the number of users whose data was compromised was not 2.9 million but actually 38 million, which makes it one of the biggest security breaches in history.

The diverse customer base of Adobe was reflected in the database. Analysis found 234,379 military and government email addresses, encrypted passwords and password hints in the compromised database. Of the 38 million accounts involved in the breach, over 2 million were related to educational institutions. Out of these, more than 6,000 accounts were from defense contractors such as Raytheon, Northrop Grumman, General Dynamics and BAE Systems. On the federal side, 433 FBI accounts, 82 NSA accounts and 5,000 NASA accounts were compromised in the breach.

This breach also created panic among other big online companies like Facebook, which immediately alerted its customers after the incident. People often have the habit of using the same password on two or more websites. Facebook suspected that its users might have the same password they were using on the Adobe Systems website. Many other websites did the same by alerting their users to the security breach.

Adobe Bad Security Record - Possible reason for the security breach

In the last five to six years Adobe has faced one problem or another related to cyber security. This is evidence that the cyber security of Adobe Systems was not good enough. Their website was always vulnerable and nothing significant was done to stop that. Adobe Systems needed to improve its cyber security years ago.
2007 - Adobe Reader bug allowed hackers access to all the files on people's computers.
2008 - More than 1,000 hacked websites infected computers by delivering fake Flash Player updates that posed as CNN news notifications.
2009 - Vulnerability in Reader let hackers open back doors into people's computers.
2010 - Attackers created malicious PDF attachments to hack into several companies, including Adobe, Google and Rackspace.
2011 - Bug gave hackers remote access to people's computers, this time in Flash Player.
2012 - Hackers gained access to Adobe's security verification system by tapping into its internal servers.

Adobe Flash Player and Acrobat Reader, both products of Adobe Systems, stood in second place among the most vulnerable programs of the Fortune 500 companies in 2009. Adobe Reader then topped the annual list of vulnerable programs in 2010, and Adobe Flash Player did similarly in 2012. Therefore, the recent security breach of Adobe Systems should not be a surprise to anyone, although it is one of the biggest breaches in Adobe's history as well as in cyber security history. Because of the enormous use of Adobe products, the company has become a target for a great many bad guys. Adobe's security history suggests that the organization has to take a long, hard look in the mirror.

Checking whether your account was a part of Adobe security breach or not and creating a safe password

Lookout is a security firm which has provided some steps that may help in first checking whether your account was part of the Adobe security breach, and then in creating and changing passwords as required. The following steps will help in managing your password while dealing with the Adobe security breach:

1. The first step is to visit https://lastpass.com/adobe/ to check whether your account was part of the security breach. This is done by entering your email id, after which the result is shown by comparing it with the list of compromised accounts.
2. You may not remember whether you ever created an account with Adobe. Try to confirm it and reset your password, because many of the compromised accounts were inactive accounts as well. This can be done from the following link: https://www.adobe.com/go/passwordreset
3. Change any passwords that you have kept the same as your Adobe account password. Otherwise there is a higher probability that someone who obtained your Adobe password in the breach will easily be able to log in to the other accounts where you have the same password.
4. Setting a password which is not easy to guess and which is unique and complex is a good way to deal with such issues. Never using the same password for two or more accounts is also a good practice for staying safe.

Cause Effect Analysis of Adobe Security Breach
The cause-effect diagram of the Adobe security breach given by Selil, a cyber-focused firm, explains how the breach was connected to people, process and policy, technology, processing, transmission and storage, and how it had a significant impact on all of these.

How it happened: Breaking of passwords was easy on Adobe

It came to light that one out of every six passwords was easily breakable because of Adobe's use of hashing, which mashes up the user's password with a mathematical algorithm. The company did not apply the level of security required to keep the passwords from being broken easily. The hashed version of a password, along with the associated email id, was searched on the internet to find the list of people using the same password. There were hundreds of users using the same password. Some accounts were found to have a Social Security Number (SSN) as their password. There were thousands of instances in which people wrote a password hint such as "same as Facebook" or "same as bank account".

Brian Krebs, an investigative reporter, said that it seems Adobe did not put much effort into protecting its customers' precious information. He also said that most organizations, including the larger ones, still rely on older security approaches to protect their customers' passwords.

What went wrong - probably the 16 characters - Passwords cannot protect us anymore

Adobe's password protection did not match industry standards, which hackers were able to exploit. In addition, the users' password hints were stored in clear text alongside the stored passwords. The hints used were really weak and easily exploitable by third parties. Hints made the discovery of passwords easy not only for the Adobe account but for other websites as well. Using passphrases or long passwords makes it difficult for hackers to break in. Recycling the same password across multiple places should not be practiced, to avoid accounts being hacked.
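The weakness described above, identical stored values for identical passwords with clear-text hints beside them, can be checked for in any credential table. The following is an added example, not code from the original slides or from Adobe: unsalted SHA-256 stands in for the deterministic storage (the page does not name the algorithm), the sample records are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample records (email, password, hint); not data from the breach.
SAMPLE_USERS = [
    ("alice@example.com", "sunshine1", "same as facebook"),
    ("bob@example.com", "sunshine1", "weather plus one"),
    ("carol@example.com", "sunshine1", ""),
    ("dave@example.com", "T4k&pq!9zLw", ""),
    ("erin@example.com", "correct horse battery", "comic strip"),
]
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)


def store_unsalted(password):
    """Weak: deterministic, so equal passwords give equal stored values."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password):
    """Hardened: random per-account salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + key.hex()


def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, key_hex = stored.split("$")
    key = hashlib.pbkdf2_hmac("sha256", password.encode(),
                              bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def build_table(users, store):
    """Credential table as it would sit in the database."""
    return [{"email": e, "stored": store(p), "hint": h} for e, p, h in users]


def audit(table):
    """Report repeated stored values and accounts exposed by other users' hints."""
    groups = defaultdict(list)
    for row in table:
        groups[row["stored"]].append(row)
    shared = [rows for rows in groups.values() if len(rows) > 1]
    exposed = [r["email"] for rows in shared
               if any(x["hint"] for x in rows)
               for r in rows if not r["hint"]]
    return {
        "accounts": len(table),
        "distinct_stored_values": len(groups),
        "accounts_sharing_a_value": sum(len(rows) for rows in shared),
        "exposed_by_others_hints": exposed,
    }


if __name__ == "__main__":
    for name, store in (("unsalted", store_unsalted), ("salted", store_salted)):
        print(name, audit(build_table(SAMPLE_USERS, store)))
```

Salting removes the repeated values; it does not fix clear-text hints, which should not be stored beside credentials at all.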
Adobe Systems tried to notify each individual customer by email and recommended that they change their password. However, it is doubtful that all Adobe users changed their password on the strength of the email notification alone. There are two possibilities: first, the email might have been filtered as spam, and second, it might have been disregarded as a phishing message.

Impact:

People who used the same password for other accounts related to banking, social media, etc. might be at risk. If that happens, it may lead to anything from fraudulent banking transactions to illegal activities on social media in someone else's name, or damage to your social and personal life.

Steps taken by Adobe Systems after the breach

Brad Arkin is the Chief Security Officer and spokesperson for Adobe Systems. He apologized on behalf of the organization and made an important customer security announcement. These kinds of cyber-attacks are a harsh reality of doing business today. He also expressed regret to customers whose confidential data or credit/debit card information was stolen. Some of the steps taken by the organization are:

  • As a precaution, the passwords of all the relevant customers were reset, to avoid any further unauthorized access to the accounts of its valued customers.
  • Customers whose accounts were involved in the breach will be notified by email with instructions for how to reset the password.
  • Adobe Systems also recommended changing the password of any account that has the same password as the Adobe account, to be on the safer side.
  • Adobe is also in the process of informing the customers whose debit or credit card information was involved in the breach. Any such customer will receive a notification letter from Adobe with additional steps, beyond the password reset, for protecting the account against misuse of that information.
  • Apart from this, customers whose credit or debit card information was involved were offered the option of enrolling in a one-year complimentary credit monitoring membership. This was one of the crucial steps taken by Adobe to regain customer trust.
  • Adobe also notified the banks that process payments for it, so that they can work with the payment card organizations as well as the banks to protect their customers' accounts.
  • Adobe Systems also contacted federal law enforcement and is assisting them in investigating the breach.

Recommendations

Following are some general recommendations for the Adobe security breach:

1. Reset your Password
People who have the same password for Adobe and some other accounts are strongly recommended to change their password(s) at the earliest. People who do not share a password across accounts should also change their Adobe password to be on the safer side. When changing the password, instead of using the email notification, try resetting it directly from the website, which is much safer.

2. Using LastPass Tool
An online tool created by a security firm named LastPass makes it easy to check whether your Adobe account is part of the security breach. You just need to enter your email id, and within a few seconds you will know whether you are part of the breach.

3. Never reuse your password
Password reuse should not be practiced, i.e. never use the same password for two or more accounts on internet services. If you use the same password for two or more accounts, chances are that if any one of your accounts is compromised, the others may also be compromised in no time. The best practice is to use a different password for each account. This is difficult to do if you have numerous accounts online, but it is the ideal.

4. Create a Strong Password
Creating a strong password is highly recommended, as it is not easy to guess and probably will not be compromised easily. Always create the strongest password possible within the guidelines of the individual website. Each website can have its own rules about which passwords it accepts, so strong passwords need to be created by following those rules.

5. Unique Password Hint
The password hint used for password recovery should be unique so that it can be understood only by the user. It should not be something like "same as Facebook" or a pet name, because that kind of password hint makes it easy for hackers to guess the password. In the case of Adobe, too, many of the passwords were compromised based on the hint.

6. Password Passphrases
Passwords should be at least 13 characters long; phrases can be used instead of single words. Using passphrases makes it difficult for hackers to identify the passwords, and hence the breach will not happen. Also, the longer the password, the more protected you are from hacking.
References

1. Jose Pagliery, Adobe has an epically abysmal security record, October 8, 2013, http://money.cnn.com/2013/10/08/technology/security/adobe-security
2. Champsupport, Threat to Computer Accounts Due to Adobe Security Breach, November 15, 2013, http://champsupport.wordpress.com/2013/11/15/alert-threat-to-computer-accounts-due-toadobe-security-breach
3. Samuel Liles, 2013 Adobe Data Breach (on going analysis), November 4, 2013, http://selil.com/archives/4938
4. Ken Westin, Adobe Breach compromised 234,379 military and government accounts, November 13, 2013, http://www.tripwire.com/state-of-security/vulnerability-management/adobe-data-breach-compromised-234379-military-government-accounts/
5. Lookout, Security Alert: Adobe Password Breach, November 12, 2013, https://blog.lookout.com/blog/2013/11/12/security-alert-adobe-password-breach
6. Adobe hack: At least 38 million accounts breached, October 30, 2013, http://www.bbc.co.uk/news/technology-24740873
7. Brad Arkin, Chief Security Officer, Important Customer Security Announcement, http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
8. Michael York, Adobe's security breach and the impact to you, November 21, 2013, http://www.postmanmojo.com/blog/adobes-security-breach-impact
9. Jay Nancarrow, Facebook Warns Users After Adobe Breach, November 13, 2013, http://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach
10. Nick Bilton, Adobe Breach Inadvertently Tied to Other Accounts, November 12, 2013, http://bits.blogs.nytimes.com/2013/11/12/adobe-breach-inadvertently-tied-to-otheraccounts