Find out if your data was leaked in the Adobe hack

Summary: Adobe's database was hacked on October 3, impacting an estimated 150 million Adobe users. Here's a simple way to see if you're affected.


Wonder if your email address, password, credit card information or more was leaked to the world when Adobe's database was hacked last October?

If you've gotten your email address anywhere near an Adobe product past or present, then the answer is: probably.

Recent reports reveal that Adobe's stolen database held around 150 million user accounts - and not the 2.9 million Adobe originally reported, or the 38 million Krebs on Security later reported.

Entities both friendly and malicious are crawling all over the data. Much of what we're learning about the breach has come from independent researchers not affiliated with Adobe.

Facebook, Diapers.com and Soap.com are currently mining Adobe's hacked database file to find their own users and tell users they've been compromised by the breach - but you can find out on your own.

See if your info is in the file stolen from Adobe

Dutch student Lucb1e made a handy search tool out of the data, where the security conscious can find out if their personal information is in the file being passed around online.

To use Lucb1e's Adobe hack search tool, enter a partial email address (or a whole email address).

Then, either re-check the page or have the results emailed to you - Lucb1e recommends that you have the results emailed.

The results are not instant.

Lucb1e explains, "Searches will not be performed all day. You can submit a search query, but it will not be performed instantly. Instead, I'll run all searches twice a day or so."

When you run his search tool:

It will tell you what information exists in the file for your email address, and email you the report if you want.

From the encrypted password stored in the file, it will tell you what it can deduce about your password, such as its approximate length.

What if your results come up positive?

If you're in the file, change your passwords immediately (if you haven't already done so).

"9,334 of these rows contain a @purdue.edu email address"

Paul Ducklin at Sophos [Naked Security] wrote,

A huge dump of the offending customer database was recently published online, weighing in at 4GB compressed, or just a shade under 10GB uncompressed, listing not just 38,000,000 breached records, but 150,000,000 of them.

As breaches go, you may very well see this one in the book of Guinness World Records next year, which would make it astonishing enough on its own.

The stolen file contained both active and inactive accounts for "numerous Adobe products" (examples include Acrobat, Photoshop, ColdFusion, CreativeCloud).

The file holds Adobe IDs, email addresses, (encrypted) passwords, credit/debit card numbers, expiration dates, other PII (Personally Identifiable Information) and more.

At this time, it is believed that the file's passwords have not been cracked.

Yet this belief veils little more than a race to the encryption key, as this week we learned that Adobe's passwords can be unlocked with a single key.

Ducklin wrote,

The use of a symmetric cipher here, assuming we're right, is an astonishing blunder, not least because it is both unnecessary and dangerous.

Anyone who computes, guesses or acquires the decryption key immediately gets access to all the passwords in the database.

We can only imagine how much money that key is worth now.
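An added illustration (not code from Adobe, Sophos or Lucb1e) of the two points above: the length of an encrypted password bounds the password's length without any key, and one key reverses every record, whereas a salted one-way hash has no key to steal. The 8-byte block size, zero padding and toy Feistel cipher are assumptions standing in for whatever cipher was really used.

```python
import hashlib
import hmac
import os

BLOCK = 8    # cipher block size in bytes (assumption)
ROUNDS = 4

def _feistel(key, block, order):
    # Toy Feistel network standing in for a real block cipher. NOT secure.
    left, right = block[:4], block[4:]
    for i in order:
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left

def encrypt_password(key, password):
    data = password.encode()
    data += b"\0" * (BLOCK - len(data) % BLOCK)   # pad to whole blocks
    return b"".join(_feistel(key, data[i:i + BLOCK], range(ROUNDS))
                    for i in range(0, len(data), BLOCK))

def decrypt_password(key, blob):
    # Whoever holds the one key reverses every stored password.
    data = b"".join(_feistel(key, blob[i:i + BLOCK], reversed(range(ROUNDS)))
                    for i in range(0, len(blob), BLOCK))
    return data.rstrip(b"\0").decode()

def length_range(blob):
    # No key needed: the block count alone bounds the password length.
    blocks = len(blob) // BLOCK
    return BLOCK * (blocks - 1), BLOCK * blocks - 1

def hash_password(password, salt=None):
    # Hardened form: salted, slow, one-way. There is no key to steal.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    key = b"constructed demo key"            # constructed sample values
    for pw in ("hunter2", "correct horse battery"):
        blob = encrypt_password(key, pw)
        print(length_range(blob), decrypt_password(key, blob))
        salt, digest = hash_password(pw)
        print(len(digest), verify_password(pw, salt, digest))
```

The hashed form is the same size for every password, so it reveals nothing about length, and it can only confirm a guess rather than be decrypted.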

Is it safe to use Lucb1e's search?

Lucb1e writes,

I temporarily store your IP address, the search query and the search result.

This data is stored for 48 hours. After that, all your data is permanently erased.

If you tick the 'email results' box, you receive 1 email. Storing your IP is for security reasons. If someone submits ten thousand searches at once, it automatically blocks that.

Who can access this data? Me and only me. And the Dutch government if they do a formal request (within 48 hours, after that it's permanently gone like I said before), but I've never received such a request, nor do I expect to. Also be sure to use https if you're concerned about that kind of thing.

Lucb1e had an interesting time creating his search tool, and received helpful feedback from his co-Redditors on making it faster and more efficient.

He documented the process in Searching 10GB of data As A Service - lessons learned, an interesting series of his own "Training Waves."

The day before yesterday I launched a service where you can check whether you were included in the Adobe accounts hack. I had the file, it could be grepped for stuff in about 30 seconds, and I thought "hey, others might want to do this too". And so I started coding. 

My parents would be home soon and we'd go out for dinner, but I wanted it done. (...)

(...) I started mashing another script together which connected to the server, got some search queries, ran the queries in batches on my laptop's local database, and posted the results back to the server. 

This was epicly fast. 

Then I multithreaded it. 

This was super epicly fast. 

He concludes with three excellent lessons, the last of which includes:

Test and think before putting something out there.

Don't rush too much. 

Let's hope Adobe reads that bit, and takes it to heart.

Talkback

13 comments
  • Why give your info to Lucb1e?

    Why should this Lucb1e person get your data?
    This is bad advice. http://adobe.cynic.al/ and https://lastpass.com/adobe/ will give you an instant result.
    However I wouldn't even recommend using either of those. Why should you give a 3rd party your email address, confirming that it's still in use/active?
    Adobe have emailed everyone who was on the list. If you're using the same password for more than one site then you should be changing that regardless of whether or not your address appears on the list.
    apoptygma_berzerk
  • Adobe Security Alerts - One year of identity thief service free

    Adobe have alerted everyone and made everyone change their passwords as a security precaution. But that is not all. People whose emails are compromised were sent another email to offer them one year of free identity thief service by some reputable company so people can monitor their credit reports and stay alert. That is better than entering your information into third-party sites which are flaky.
    BTW, why do I have to go through hoops to register an account to leave a simple comment? Plus I have to verify my email address to leave a 2 line comment. Why, ZDNet, why?
    Anyway, I love Violet Blue's writings. Thanks for reading my comment.
    HasanPR
    • *Identity Theft*

      Sorry for the typo. I wanted to say Identity Theft instead of Identity Thief. My apologies.
      HasanPR
    • Not Everyone, Apparently

      My email was hacked and I did not get an email from Adobe. Just found out about this.
      grannygamer
  • Shame on Adobe

    I'm not sure I trust Adobe to email everybody whose password was compromised.

    After all, it was Adobe that tried to minimize the incident, and claim there were far fewer account breaches than there really were. Adobe didn't even email all customers to let them know that this incident happened. The customers had to read about it in the technology press.

    Adobe obviously had inadequate security in place, much less secure than a bank would hold data. Adobe is still showing contempt by keeping customers in the dark.

    Adobe should be shamed, for being so cavalier and disrespectful of its customers' private information.
    Vbitrate
  • "saving face"

    Everybody remembers how the Chinese were demonized on world's media networks for under-reporting on such unglamorous stuff like that earthquake in Szechuan, or the progress of SARS epidemics. The Chinese were afraid to expose to the public some of the dirt endemic to their system.
    It seems to be true in Adobe's case too. They prefer to minimize the exposure of their dirt, in fear that their disregard of customers' private information will be exposed too.
    Dirty, unkempt code, which provides a gold mine for e-thieves, scandalous security measures.
    These guys at Adobe, making their gazillions in options, retirement packages and other benefits, know very well the rule, that "if something ain't broken - don't fix it".
    As long as the money for benefits pours in, why should they care to secure their customers' sensitive information? There is no need to divert any cent for that.

    It seems that compromised account details and credit card numbers affect only their customers. Therefore it is their problem and responsibility, not of Adobe.
    No wonder Jobs, an insider in the industry, refused Adobe's filth on his products.

    Why are we, the public, the customers, too dumb to be able to refuse this filth on our machines?
    Why are we so dumb, as to be first, suckers of unscrupulous corporations, then, victims of cyber-crooks?
    mic602
  • Secure check available

    I've created a check that does not send the email address to any server, ever. It is also instant and doesn't suffer from any scalability issues (it uses binary search over the md5 hashes of the leaked email addresses). The service is hosted on TLS secured site, too.

    You can find the service here:

    https://sintonen.fi/adobe/
    kyb
    • does not instill confidence

      secure connect issue does not instill confidence

      firefox 25.0 refuses to make the secure connection to https://sintonen.fi/adobe/ and throws the following error message:

      This Connection is Untrusted
      You have asked Firefox to connect securely to sintonen.fi, but we can't confirm that your connection is secure.
      Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
      sintonen.fi uses an invalid security certificate. The certificate is only valid for the following names: www.nettivinkki.fi , nettivinkki.fi (Error code: ssl_error_bad_cert_domain)

      nettivinkki.fi has poor/unsatisfactory WOT rating with mixed user comments

      When a www. is added to the address, firefox does not invoke its objection.




      FF 25.0 on W7HPx64
      darkest_matter
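An added sketch (not kyb's code, and not part of the comment thread) of the lookup kyb describes above: binary search over a sorted file of MD5 digests of the leaked email addresses, run locally so the address itself is never transmitted. The fixed 16-byte record layout, the lowercase normalisation and the sample addresses are assumptions.

```python
import hashlib
import io

RECORD = 16  # one raw MD5 digest per record (assumed file layout)

def email_digest(email):
    # Normalisation is an assumption; index builder and query must agree on it.
    return hashlib.md5(email.strip().lower().encode("utf-8")).digest()

def build_index(emails):
    # Sorted, de-duplicated digests concatenated into one flat blob.
    return b"".join(sorted({email_digest(e) for e in emails}))

def contains(index_file, email):
    """Binary-search a seekable file of sorted digests.

    Returns (found, probes). Only RECORD bytes are read per probe, so a
    150-million-entry index (about 2.4 GB) needs at most 28 reads.
    """
    target = email_digest(email)
    index_file.seek(0, io.SEEK_END)
    lo, hi = 0, index_file.tell() // RECORD
    probes = 0
    while lo < hi:
        mid = (lo + hi) // 2
        index_file.seek(mid * RECORD)
        record = index_file.read(RECORD)
        probes += 1
        if record == target:
            return True, probes
        if record < target:
            lo = mid + 1
        else:
            hi = mid
    return False, probes

if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real data set.
    leaked = ["user%d@example.com" % i for i in range(1000)]
    index = io.BytesIO(build_index(leaked))
    print(contains(index, "User42@Example.com"))   # present
    print(contains(index, "nobody@example.org"))   # absent
```

Hashing keeps plaintext addresses out of the published index, but an unsalted MD5 can be tested against any guessed address, so such an index should not be treated as anonymous.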
  • Good lord

    This reminds me of my first PHP & MySQL assignment 7 years ago.

    My professor wouldn't even take my assignment and made me redo it. Considering Adobe did this in production, to such a scale? Ridiculous. Reminds me of Playstation.
    dustyred14
  • Adobe re-activated my subscription and charged credit card!

    Hi, not sure if this is related to the hack, but I cancelled my month-to-month Adobe subscription recently, and I have just received an email saying "thank you for re-activating your account" (which I didn't do), and they have just debited my credit card!!! I could not find an email address to contact them to get this fixed. I just noticed on an Adobe forum that shows this has happened for other users too, all 11th to 13th Nov 2013.
    AustralianUser
    • Contact your credit card company ASAP

      I'd flag that transaction with your credit card company.

      Here's what I have for them:
      Contact Information

      U.S. and Canada: 800 833-6687
      www.adobe.com/support/

      www.adobe.com/international/support/
      ejhonda
  • Why not find out

    I gave it a whirl using only the first part of my email address not to include the @ symbol or anything thereafter. Got a result within a couple of minutes with my entire email address and the "hint" I had set up as a password reminder with Adobe. I was glad to see the hint because I had forgotten it and used that hint to recall my password and to successfully log in to Adobe where I was prompted to change my password (which I did).

    Thanks for this Article.
    larioransomi@...
  • Okay, it's the time to give it away.

    Take it and save it. ALL ACCOUNTS DATA BELOW:

    users.tar.gz - http://filecom.net/xDpje
    ph1.tar.gz - http://filecom.net/F6T6PzEA
    all_users_list.rar - http://filecom.net/yewUs
    Sofia Kay