Earlier this month, hackers stole roughly 150 million e-mail-address/password combinations from Adobe.com. The complete contents of what was stolen is freely available on the Internet, to anyone who wishes to use it for whatever purposes they want.
What was stolen
Keep in mind that, what was stolen are credentials to access Adobe.com and related services. If you don’t have an adobe.com account, that doesn’t mean that you don’t have to worry.
Why you need to worry
You might have an Adobe.com account and not realize it. Most of us have accounts with dozens, if not hundreds of Web-based services. Some we set up for a one-time use, or trial, and then promptly forgot about. Others are things we log into automatically, and don’t even realize we have an account. If you do have an Adobe.com account, and you use this same e-mail/password combination for other sites, you need to change your password on all those sites, immediately: Once a hacker gets a username/password combination for one site, they will go out and try that same username/password combination against other sites, especially banking, or eBay, or other sites that deal with money. Never, ever, ever use the same password for more than one site.
Even if you truly do not have an Adobe.com account, you still need to worry: Every time hackers get ahold of real-world password lists, it gives them greater insight into the types of passwords that people use. An analysis of 130,324,429 accounts that were part of this breach reveals that the top 100 passwords are used by 5,961,010, or 5%, of the accounts. Bottom line: a lot of people use the same passwords. Given human nature, it makes sense that most of these same passwords are used with the same frequency on other systems. With automated tools, it’s trivial for a hacker to try 100 passwords. Expand the list to the top 1000, or top 10,000, and you’ll have a ready-made dictionary of likely passwords to try at any site.
What you should do
- Go to https://lastpass.com/adobe/, and enter your e-mail address to see if it is one of the millions that have been compromised.
- If so, go to https://www.adobe.com/account/sign-in.adobedotcom.html, and change your password.
- If so, and if you have used the same password at other sites, change them as well.
- Regardless of the above three steps, if you use the same password for multiple sites, change them now.
- Review the following list of top 100 passwords. If you use them anywhere, change those passwords.
The top 100 passwords used at Adobe.com
Presented in alphabetical order, for your convenience:
000000, 102030, 111111, 11111111, 112233, 121212, 123123, 123123123, 123321, 1234, 12345, 123456, 1234567, 12345678, 123456789, 1234567890, 123654, 123qwe, 1q2w3e, 1q2w3e4r, 1qaz2wsx, 222222, 555555, 654321, 666666, 753951, 7777777, 987654321, aaaaaa, abc, abc123, abcd1234, abcdef, adobe1, adobe123, adobeadobe, alexander, andrea, andrew, asdasd, asdfasdf, asdfgh, asdfghj, asdfghjkl, azerty, baseball, buster, charlie, chocolate, computer, daniel, dragon, dreamweaver, fdsa, football, freedom, fuckyou, ginger, hannah, iloveyou, internet, jennifer, jessica, jordan, joshua, killer, letmein, liverpool, macromedia, maggie, master, matrix, michael, michelle, monkey, nicole, password, password1, pepper, photoshop, princess, purple, qazwsx, qwerty, qwertyuiop, samsung, secret, shadow, snoopy1, soccer, summer, sunshine, superman, test, thomas, tigger, trustno1, welcome, whatever, zxcvbnm