Facebook has been among the first to react to the danger of easily decryptable and guessable passwords contained in the leaked file.
Knowing that users are prone to recycling passwords, they were rightfully worried about an onslaught of Facebook account compromises. Consequently, they analyzed the dumped file, compared it to their own user login credentials database, and have blocked the accounts of those users who used the same email address / password combination for both their Adobe and Facebook accounts.
But others should consider doing something similar. Tripwire’s Ken Westin has gone digging through the database, and by checking out the email addresses associated with the accounts, has counted over 234,000 military and government email addresses and 6,000 belonging to US defense contractors. There were also 433 FBI, 82 NSA and 5,000 NASA addresses.
“This breach at Adobe is much potentially damaging to national security than anyone from the company has acknowledged, and the repercussions could be tremendous should the attackers crack the weak encryption before these accounts are secured,” he pointed out.
“Looking at just a few samples of passwords that were used by military, government and defense contractors the majority used were common passwords. It was also easy in many cases once a business/work email was established to identify home email accounts as they had similar user names, the same password just with a different domain from a free email provider like Gmail, Yahoo etc.,” he added.
Military and government employees are more than likely to have had security awareness trainings, but we all known that humans are the weakest link in security, and when it comes to choosing passwords, most people go for “memorable” and nor “secure”. Let’s hope that the organizations they work for have warned about them about this particular danger.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.