Take Action Now: Check If You’re Affected by the Adobe Breach

By November 6, 2013 Security News 19 Comments
Are you wanting to know if you’ve been affected by the recent Adobe breach?

We’ve built a tool to help you check if your email address was on the list of affected accounts: https://lastpass.com/adobe/

About a month ago, the software company Adobe had a big data breach said to have affected some 3 million users. News then circulated that 38 million users were affected – but wait, the problem gets worse. The data dump that was recently published online has been shown to contain 150 million breached records.

We’ve also learned that significantly more data was stolen than first thought, including emails, encrypted passwords, password hints, names, credit card numbers, and card expiration dates.

In addition to using our tool above to check your email, we are strongly encouraging our users to take additional action steps now to protect themselves from the breach:

1. Run the LastPass Security Check. In the LastPass Icon’s Tools menu, run the Security Check to see if you were using the Adobe password for any other accounts.

2. Change your Adobe password. Login to your Adobe account and update your password: https://www.adobe.com/go/passwordreset and use LastPass to generate a new one.

3. Update the passwords for any other accounts that used the same password.

4. Share the LastPass tool. Help friends, family, and coworkers check if their accounts were affected, and show them how they can follow these steps to better protect themselves.

Since credit cards were affected, you may also want to consider signing up for free credit monitoring alerts like the ones LastPass provides. If any unusual activity is detected, you can take action immediately and mitigate the damage.

For a full analysis of the Adobe data dump, check out Paul Ducklin’s article on the Sophos NakedSecurity blog. We’ll be keeping an eye on how this story continues to develop, but most importantly we want LastPass users to continue being proactive in protecting their sensitive information, and their identities online. If you’re new to secure password management, get started today by downloading LastPass, creating a free account, and updating your passwords to secure, generated ones.


  • Anonymous says:

    Moderator — this Adobe Survey appears to be spam, please check it out.

  • Anonymous says:

    I used the LastPass tool and was told that my address was one of those that had been compromised. I was told “If your email address is in the list then we’ll email you with a link that provides you access to your leaked Adobe password hint, if your password is shared by other users, and all the password hints available for that shared password.” I never received any email from LastPass. Also, I see no reason to change my Adobe password, since it’s a unique password that I’ve used nowhere else. I have bought two items from Adobe over the years, and that’s all. The credit card numbers I used for those purchases are no longer valid. So why bother to change my password? Now that Adobe has changed its policy about PhotoShop, I’ll probably never buy anything from them again.

  • So… here is my question. My password is apparently compromised but I have no idea which one of my commonly used passwords is the one in this dump.

    I want to know if there is a tool that I can use to encrypt my common passwords and then crosscheck with the database available online to identify.

    I did the stupidity of changing the password before testing which password worked on Adobe.com. It was not saved in my LastPass.com account so I cannot identify it from there.

    • Amber Gott says:

      Hm, that’s tough. The best option is to run the LastPass Icon > Tools > Security check, and see if you have duplicate / weak passwords, and then just take the time to start updating them all. I can’t think of any other ways to do this but if others have thoughts please join in.

  • Steve says:

    Here’s the only problem with letting LastPass generate a long and secure password for adobe, creative cloud runs on the system, not the web. You have to continually log in to creative cloud. There’s no way to copy and paste that password into creative cloud, you have to type it in. Doing that once a month (or more) is a real pain. If there’s a solution to this, would be happy to hear it.

  • Tweaking two or three options in preferences and advanced really makes 3.0 more manageable. They probably should have checked a few of those options by default just to make the transition easier, but what the hell do I know? As for Adobe, I avoid their products whenever possible because I find them heavy and cumbersome, but I know plenty of people who use them constantly, so I’ll be forwarding on this tool. Which sounds kind of dirty, but isn’t.

    • Amber Gott says:

      Thanks Mark, we’re glad those options are making the transition smoother, we’ll reevaluate our defaults.

      Yes, this breach is massive, so it’s important to get this message out there. Thanks for your help.

  • Doug Laakso says:

    Why are you worried about Adobe when LastPass 3.x is a disaster?

    • Erik Bates says:

      Does Lastpass 3.x have some sort of major security vulnerability that we’re unaware of? If not, then that answers your question.

    • Anonymous says:

      At first I did notice a lot of bugs with LastPass 3.0’s UI, though after about an hour they stopped and it works fantastic.
      I seriously doubt Doug found a security risk, he’s probably just hating because he got scared by a harmless bug

    • Amber Gott says:

      Thanks guys – as we’ve said, we appreciate the feedback and are happy to continue to be of help.