Facebook has been among the first to react to the danger of easily decryptable and guessable passwords contained in the leaked file.
Knowing that users are prone to recycling passwords, they were rightfully worried about an onslaught of Facebook account compromises. Consequently, they analyzed the dumped file, compared it to their own user login credentials database, and have blocked the accounts of those users who used the same email address / password combination for both their Adobe and Facebook accounts.
But others should consider doing something similar. Tripwire’s Ken Westin has gone digging through the database, and by checking out the email addresses associated with the accounts, has counted over 234,000 military and government email addresses and 6,000 belonging to US defense contractors. There were also 433 FBI, 82 NSA and 5,000 NASA addresses.
“This breach at Adobe is much potentially damaging to national security than anyone from the company has acknowledged, and the repercussions could be tremendous should the attackers crack the weak encryption before these accounts are secured,” he pointed out.
“Looking at just a few samples of passwords that were used by military, government and defense contractors the majority used were common passwords. It was also easy in many cases once a business/work email was established to identify home email accounts as they had similar user names, the same password just with a different domain from a free email provider like Gmail, Yahoo etc.,” he added.
Military and government employees are more than likely to have had security awareness trainings, but we all known that humans are the weakest link in security, and when it comes to choosing passwords, most people go for “memorable” and nor “secure”. Let’s hope that the organizations they work for have warned about them about this particular danger.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.