Nov 6, 2013

Take Action Now: Check If You’re Affected by the Adobe Breach

Are you wanting to know if you've been affected by the recent Adobe breach?

We've built a tool to help you check if your email address was on the list of affected accounts: https://lastpass.com/adobe/

About a month ago, the software company Adobe had a big data breach said to have affected some 3 million users. News then circulated that 38 million users were affected - but wait, the problem gets worse. The data dump that was recently published online has been shown to contain 150 million breached records.

We’ve also learned that significantly more data was stolen than first thought, including emails, encrypted passwords, password hints, names, credit card numbers, and card expiration dates.

In addition to using our tool above to check your email, we are strongly encouraging our users to take additional action steps now to protect themselves from the breach:

1. Run the LastPass Security Check. In the LastPass Icon’s Tools menu, run the Security Check to see if you were using the Adobe password for any other accounts.

2. Change your Adobe password. Login to your Adobe account and update your password: https://www.adobe.com/go/passwordreset and use LastPass to generate a new one.

3. Update the passwords for any other accounts that used the same password.

4. Share the LastPass tool. Help friends, family, and coworkers check if their accounts were affected, and show them how they can follow these steps to better protect themselves.

Since credit cards were affected, you may also want to consider signing up for free credit monitoring alerts like the ones LastPass provides. If any unusual activity is detected, you can take action immediately and mitigate the damage.

For a full analysis of the Adobe data dump, check out Paul Ducklin’s article on the Sophos NakedSecurity blog. We’ll be keeping an eye on how this story continues to develop, but most importantly we want LastPass users to continue being proactive in protecting their sensitive information, and their identities online. If you're new to secure password management, get started today by downloading LastPass, creating a free account, and updating your passwords to secure, generated ones.

21 comments:

  1. Why are you worried about Adobe when LastPass 3.x is a disaster?

    ReplyDelete
    Replies
    1. Does Lastpass 3.x have some sort of major security vulnerability that we're unaware of? If not, then that answers your question.

      Delete
    2. At first I did notice a lot of bugs with LastPass 3.0's UI, though after about an hour they stopped and it works fantastic.
      I seriously doubt Doug found a security risk, he's probably just hating because he got scared by a harmless bug

      Delete
    3. Thanks guys - as we've said, we appreciate the feedback and are happy to continue to be of help.

      Delete
  2. Tweaking two or three options in preferences and advanced really makes 3.0 more manageable. They probably should have checked a few of those options by default just to make the transition easier, but what the hell do I know? As for Adobe, I avoid their products whenever possible because I find them heavy and cumbersome, but I know plenty of people who use them constantly, so I'll be forwarding on this tool. Which sounds kind of dirty, but isn't.

    ReplyDelete
    Replies
    1. Thanks Mark, we're glad those options are making the transition smoother, we'll reevaluate our defaults.

      Yes, this breach is massive, so it's important to get this message out there. Thanks for your help.

      Delete
  3. Here's the only problem with letting LastPass generate a long and secure password for adobe, creative cloud runs on the system, not the web. You have to continually log in to creative cloud. There's no way to copy and paste that password into creative cloud, you have to type it in. Doing that once a month (or more) is a real pain. If there's a solution to this, would be happy to hear it.

    ReplyDelete
    Replies
    1. Copy password from the vault, put the cursor in the password box and press "Ctrl+v" to paste. I do it all the time ;-)

      Delete
    2. Yes, right-click on the site name > copy password in the vault. If you have trouble let us know.

      Delete
  4. So… here is my question. My password is apparently compromised but I have no idea which one of my commonly used passwords is the one in this dump.

    I want to know if there is a tool that I can use to encrypt my common passwords and then crosscheck with the database available online to identify.

    I did the stupidity of changing the password before testing which password worked on Adobe.com. It was not saved in my LastPass.com account so I cannot identify it from there.

    ReplyDelete
    Replies
    1. Hm, that's tough. The best option is to run the LastPass Icon > Tools > Security check, and see if you have duplicate / weak passwords, and then just take the time to start updating them all. I can't think of any other ways to do this but if others have thoughts please join in.

      Delete
  5. I used the LastPass tool and was told that my address was one of those that had been compromised. I was told "If your email address is in the list then we'll email you with a link that provides you access to your leaked Adobe password hint, if your password is shared by other users, and all the password hints available for that shared password." I never received any email from LastPass. Also, I see no reason to change my Adobe password, since it's a unique password that I've used nowhere else. I have bought two items from Adobe over the years, and that's all. The credit card numbers I used for those purchases are no longer valid. So why bother to change my password? Now that Adobe has changed its policy about PhotoShop, I'll probably never buy anything from them again.

    ReplyDelete
    Replies
    1. Yep, you're probably ok then, but doesn't hurt to make sure you don't see any suspicious activity with your accounts and identity. Did the email go to spam?

      Delete
    2. Thanks for your quick and reassuring response. No, the email didn't go into spam. That was the first thing I checked.

      Delete
    3. If you send a ticket and mention the email address you used, we can investigate further: https://lastpass.com/supportticket.php

      Delete
  6. Moderator -- this Adobe Survey appears to be spam, please check it out.

    ReplyDelete
  7. Does anyone know how you delete your Adobe account if you don't need it?

    ReplyDelete
  8. Your tool indicates that my email is on the list, but the page you point to at Adobe doesn't agree. In addition, I have no reason to think I've ever set up an account with Adobe. What gives? Does your tool check against the actual list of email addresses, or are you checking against hashes of addresses?

    Thanks.

    ReplyDelete
  9. bookmarked!!, I really like your website!

    Feel free to surf to my homepage :: Muscle system pro

    ReplyDelete
  10. In attempting to use LastPass on several sites, I kept ending up with 2 vault entries for each one. One named for the site and having a correct username (and I thought password) and one called "generate password" or maybe it was "generated password" and not having a username. So when logging in I would select the user name from the drop down and all was well. Thinking the "generate..." entry was not needed I deleted them and of course then could not log in. mild disaster.

    So what did I do wrong? Where did the "generate...." entries come from and should they be present?

    ReplyDelete
  11. My hair is thick and long, and in my opinion just outright boring.
    Next, you also need to avoid the center part; it is suggested to
    keep it to the side. The two general ways that women with shaggy layers will
    wear their hair is messy and curly or straight.



    My blog post: fringe hairstyles ()

    ReplyDelete