Adobe’s security breach laid bare 38 million passwords to the world – and a security researcher claims that 1.9 million of these are the simple “123456”.
Half a million craftier customers chose “123456789”, according to a report by The Register, quoting researcher Jeremi Gosni, a self-styled “password security expert” who found the passwords in a dump online.
The entire top 20 is filled with “simplistic” passwords which are a “cause for concern,” according to PC Retail’s report.
The passwords are to be found on several online dumps, Gosni said. Adobe initially said that three million accounts were affected, but has since raised that figure to 38 million, with another 150 million at risk.
Password Number of users
The Register called the list of passwords “pathetic”, saying that it made their staff, “wonder if criminals should have bothered breaking in to steal them: with 1.9 million users relying on “123456” there’s a better than one in one hundred chance of unlocking an Adobe account with blind luck.”
ESET Senior Research Fellow David Harley says that in cases such as these, even users with “strong” passwords are at risk – and should think carefully about other sites where they may have used the same password:“Where your login credentials have been revealed, it’s obviously a good idea to change your password, and in fact the compromised site may force you to do so. However, an attacker is likely to assume that you use the same credentials on other sites, and he may try them on other sites of interest to him. (Of course, they may not be sites of interest to you.) So it’s a good idea (if an irksome task) to change your password on other sites that do use the same credentials.”
A We Live Security guide to what to do in the event of a breach can be found here.
ESET Researcher Stephen Cobb described the breach as “unprecedented” at the time, due to the fact that attackers also appeared to have accessed source code for Adobe’s Acrobat software.
Cobb says, “Access to the source code could be a major asset for cybercriminals looking to target computing platforms such as Windows or mobile operating systems such as Android.”
Author Rob Waugh, We Live Security