Facebook users who used the same email and
password on their Adobe and Facebook accounts have been offered a
helping hand by Facebook itself in the wake of the recent massive breach
at Adobe, which leaked private data for 38 million users – in the form
of a block and forced password reset.
The social network now blocks such accounts, and asks additional questions before forcing a password reset, according to The Verge. Brian Krebs of Krebs on Security reports that the social network has mined data leaked from the recent breach to secure user accounts. Data from the breach is already available online.
Users who employed the same combination of email and password across both accounts are automatically locked out of their Facebook accounts, and asked additional questions before being granted access. Users are then asked to create a new password, The Verge reports.
Users are greeted with a warning message headed, “Someone May Have Accessed Your Account,” according to Engadget’s report. The message continues, “Recently, there was a security incident on another website unrelated to Facebook. Facebook was not directly affected by the incident, but your Facebook account is at risk because you were using the same password in both places. To secure your account, you’ll need to answer a few questions and change your password. For your protection, no one can see you on Facebook until you finish.”
Facebook did not confirm how many users were affected. The
password information is available publicly on the internet via several
password “dumps”.
“We actively look for situations where the accounts of
people who use Facebook could be at risk—even if the threat is external
to our service,” said spokesman Jay Nancarrow, speaking to Brian Krebs.
“When we find these situations, we present messages like the one in the
screenshot to help affected people secure their accounts.”
Adobe has admitted around 38 million active users may have had IDs and encrypted passwords accessed by unknown attackers in a breach earlier this year.
Previously, it had been estimated that around three million users had data accessed. Others have speculated the number affected may be much larger.
ESET researcher Stephen Cobb described the breach as “unprecedented” at the time, due to the fact that attackers also appeared to have accessed source code for Adobe’s Acrobat software.
Krebs says, “It also appears that the already massive
source code leak at Adobe is broadening to include the company’s
Photoshop family of graphical design products.” The company now admits
that “numerous” products were affected by the breach.
Many of the 38 million passwords accessed in the breach were extremely simple – and a security researcher claims that 1.9 million of these are the simple “123456”, as reported by We Live Security. Half a million craftier customers chose “123456789”, according to a report by The Register, quoting researcher Jeremi Gosney, a self-styled “password security expert” who found the passwords in a dump online.
“Our investigation to date indicates that a portion of Photoshop source code was accessed by the attackers as part of the incident Adobe publicly disclosed on Oct. 3,” Edell wrote. The company’s ColdFusion web application platform may also have been accessed.
ESET researcher Stephen Cobb says, “Access to the source
code could be a major asset for cybercriminals looking to target
computing platforms such as Windows or mobile operating systems such as
Android.”
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” said Adobe spokeswoman Heather Edell. “We have completed e-mail notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident — regardless of whether those users are active or not.”
“Adobe’s security team recently discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products,” the company says. “We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident.”