Breach, Data Security, Incident Response, TDR

Facebook users locked out if credentials are shared with Adobe account

“Someone may have accessed your account.”

That is the subject of a notification some Facebook users will be seeing if the credentials for their social media account are the same as their recently compromised Adobe account. The body of the message reads:

“Recently, there was a security incident on another website unrelated to Facebook. Facebook was not directly affected by the incident, but your Facebook account is at risk because you were using the same password in both places. To secure your account, you'll need to answer a few questions and change your password. For your protection, no one can see you on Facebook until you finish.”

Ammon Bartram, a software engineer, recently told the New York Times that it is “disturbing” how many people used the same password for their Adobe account as they did for their email address, Facebook account, bank account and garage code. He added that tens of thousands used “same as my Facebook password” or “same as my bank password” as a reminder hint.

In the beginning of October, Adobe began warning customers that their accounts were breached and their credit card information had been compromised. The intruders were also said to have stolen product source code.

At the end of October, Adobe revealed that the number of impacted customers had skyrocketed to about 38 million from the roughly three million it announced weeks prior. Security firm Stricture Consulting Group analyzed the hashed passwords and revealed that nearly two million Adobe accounts had ‘123456' as a password.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.