LastPass, a password security company, said it discovered passwords, password hints, and email addresses belonging to over 152 million Adobe user accounts. The security firm found the data on a website frequented by cyber criminals. The number of stolen records is the largest to date among publicly disclosed online attacks.
The huge trove of user account information in plain text suggests that the security breach reported by Adobe Systems last month was far worse than first reported. The company initially reported 3 million accounts compromised during a breach last month. In a statement last week, Adobe revealed that around 38 million more accounts had been attacked.
The Acrobat and Photoshop maker confirmed the claims of LastPass with regard to the stolen data but declared that the findings were insignificant.
According to Adobe spokesperson Heather Edell, the LastPass report was inaccurate because the attacked database was a backup due for decommissioning. In a report by Reuters, the company clarified that the compromised user accounts consisted of 25 million accounts with invalid email addresses and 18 million of these with invalid passwords.
The company spokesperson said that Adobe is working with investigators and authorities to determine the true extent of the security breach that led to the theft of customer data and the compromise of source code for several of the company's software products. Adobe said that its team has been notifying affected active and inactive account owners.
Privacy experts are worried that the compromised data might be used for phishing scams, which is especially dangerous for users who have not accessed their accounts for a while or have out-of-date accounts.
"Potentially it's the website you've forgotten about that poses the greater risk. What if somebody set up an account with Adobe ten years ago and forgot about it and they use the same password there that they use on other sites?" said Paul Stephen, director of the non-profit group Privacy Rights Clearinghouse, in an interview with Reuters.
LastPass insisted that Adobe forgot to use a security technique called "salting" that makes use of secret codes and scrambling techniques to safely store passwords. Because of this, security experts were able to identify the most common password among the compromised accounts, which was used by 1.9 million accounts.
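An added illustration of the salting point above (not code from LastPass, Adobe or the original article): it shows why identical passwords are visible as identical stored values when no salt is used, and not when each account gets its own salt. It assumes unsalted SHA-256 as a stand-in for any deterministic storage scheme, since the article does not say how Adobe stored passwords, and it uses constructed sample accounts.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not data from the breach).
ACCOUNTS = [
    ("ann@example.com", "123456"),
    ("bob@example.com", "123456"),
    ("cat@example.com", "photoshop"),
    ("dan@example.com", "123456"),
    ("eve@example.com", "t7#Lq9!vXz"),
]

def store_unsalted(password):
    """Deterministic storage (assumed scheme): same password, same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_salted(password, salt=None):
    """Per-account random salt plus a slow KDF; returns (salt, derived_key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, key

def verify_salted(password, salt, key):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(store_salted(password, salt)[1], key)

def largest_shared_group(stored_values):
    """Size of the biggest set of accounts whose stored values are identical."""
    return Counter(stored_values).most_common(1)[0][1]

def audit():
    """Return (largest group without salt, largest group with salt)."""
    unsalted = [store_unsalted(pw) for _, pw in ACCOUNTS]
    salted = [store_salted(pw) for _, pw in ACCOUNTS]
    return largest_shared_group(unsalted), largest_shared_group(salted)

if __name__ == "__main__":
    shared_unsalted, shared_salted = audit()
    print("unsalted: largest group of identical stored values =", shared_unsalted)
    print("salted:   largest group of identical stored values =", shared_salted)
```

Running the same grouping over a real credential table is a quick audit: any group larger than one means the stored values are deterministic and password reuse is visible to whoever holds the table.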
"I'd say 108 million people fall into the range of likely very easily guessable passwords," said Joe Siegrist, chief executive of LastPass.
In 2009, about 130 million credit card numbers were stolen from the database of Heartland Payment Systems. Another big cyber attack occurred in 2011 when 100 million accounts of PlayStation users were compromised.