In early October, Adobe announced that 2.9 million customers were impacted as a result of a data breach. The attack was allegedly carried out mid-August.
A few weeks later it surfaced that the number of affected customers was over 40 times the original amount, with 152 million email addresses and passwords published online. To our knowledge, this makes it the largest publicly known password database compromise in history.
We have received and reviewed the file.
Of the 152,450,038 valid records:
- 24 million were “gmail.com” email addresses
- 2.3 million were “.edu” email addresses
- 249,629 were “.gov” email addresses
In Australia alone (our home country), we found:
- 1,145,100 addresses from “.au” domains
- 128,952 addresses from “.edu.au” (educational institutions)
- 35,006 addresses from “.gov.au” (government institutions)
- 488 addresses from “police.*.gov.au” (our police force)
- 276 addresses from “aph.gov.au” (Australian Parliament House)
Although the passwords were encrypted, the methods used by Adobe were defective and it didn’t take the community long to decrypt a large number of passwords.
Along with the user credentials, it has been reported that the source code for some of Adobe’s software products was also compromised, including ColdFusion and Acrobat.
We have added to our repository the fingerprints of the over 152 million email addresses affected, and we have commenced notifying all email addresses and domains tracked by our Email Watchdog that appear in the breach. If you’re not a Watchdog customer, you can check your email address for free using the form on our home page.
If your email address was compromised, we recommend you follow our 10-step guide for what to do.
Adobe has also published a customer security alert.
It’s never a great day when things like this happen, but it does make us more steadfast in the service we provide.
Some more coverage of the Adobe breach: