Password security firm LastPass said it has found data including email addresses, encrypted passwords and password hints for 152 million users of Adobe Systems software — stored on an underground website.
This is still more fallout from a data security breach that Adobe acknowledged in early October, after it was discovered by security specialist KrebsOnSecurity. Initially, Adobe estimated data of about 2.9 million users of Acrobat, Acrobat Reader, and Cold Fusion was affected but later in the month it upped that number to 38 million and added PhotoShop to the list of affected software packages.
LastPass said what it found shows that still more users than that were impacted. An Adobe spokeswoman told Reuters it would be inaccurate to say 152 million accounts were compromised “because the database attacked was a backup system about to be decommissioned” and that many of those accounts were actually fictitious, set up for one-time use to give their creators access to free software.
It’s probably worth noting that LastPass offers a password management product. The first thing Adobe customers were told to do was to change their passwords.