Take Action Now: Check If You’re Affected by the Adobe Breach

By November 6, 2013 Security News 19 Comments
Are you wanting to know if you’ve been affected by the recent Adobe breach?

We’ve built a tool to help you check if your email address was on the list of affected accounts: https://lastpass.com/adobe/

About a month ago, the software company Adobe had a big data breach said to have affected some 3 million users. News then circulated that 38 million users were affected – but wait, the problem gets worse. The data dump that was recently published online has been shown to contain 150 million breached records.

We’ve also learned that significantly more data was stolen than first thought, including emails, encrypted passwords, password hints, names, credit card numbers, and card expiration dates.

In addition to using our tool above to check your email, we are strongly encouraging our users to take additional action steps now to protect themselves from the breach:

1. Run the LastPass Security Check. In the LastPass Icon’s Tools menu, run the Security Check to see if you were using the Adobe password for any other accounts.

2. Change your Adobe password. Login to your Adobe account and update your password: https://www.adobe.com/go/passwordreset and use LastPass to generate a new one.

3. Update the passwords for any other accounts that used the same password.

4. Share the LastPass tool. Help friends, family, and coworkers check if their accounts were affected, and show them how they can follow these steps to better protect themselves.

Since credit cards were affected, you may also want to consider signing up for free credit monitoring alerts like the ones LastPass provides. If any unusual activity is detected, you can take action immediately and mitigate the damage.

For a full analysis of the Adobe data dump, check out Paul Ducklin’s article on the Sophos NakedSecurity blog. We’ll be keeping an eye on how this story continues to develop, but most importantly we want LastPass users to continue being proactive in protecting their sensitive information, and their identities online. If you’re new to secure password management, get started today by downloading LastPass, creating a free account, and updating your passwords to secure, generated ones.


  • jrg says:

    In attempting to use LastPass on several sites, I kept ending up with 2 vault entries for each one. One named for the site and having a correct username (and I thought password) and one called “generate password” or maybe it was “generated password” and not having a username. So when logging in I would select the user name from the drop down and all was well. Thinking the “generate…” entry was not needed I deleted them and of course then could not log in. mild disaster.

    So what did I do wrong? Where did the “generate….” entries come from and should they be present?

  • johndburger says:

    Your tool indicates that my email is on the list, but the page you point to at Adobe doesn’t agree. In addition, I have no reason to think I’ve ever set up an account with Adobe. What gives? Does your tool check against the actual list of email addresses, or are you checking against hashes of addresses?


  • Anonymous says:

    Does anyone know how you delete your Adobe account if you don’t need it?