LastPass Tool to check if your Adobe account is compromised

Sushubh

Administrator
Messages
425,245
Location
Gurugram
https://lastpass.com/adobe
If you ever created an account on Adobe.com or connected service... This is a good time to use this tool to find out if your password is floating around on the web for anyone to pick up.
 

Navjot Singh

Moderator
Messages
6,956
Location
Gurgaon
Your Adobe account was one of the ones that was compromised.We have sent an email to you with instructions on how to obtain your Adobe password hint.We strongly urge you to follow our recommendations and immediately change your Adobe and related passwords!!
Damn!
That's another thing that I haven't received any email from lastpass.
 

Sushubh

Administrator
Messages
425,245
Location
Gurugram
My account was compromised. I changed the password. Problem? I don't remember what password I used for the original account. It was not saved on LastPass so could not find it in the local database.
So, I have no way of finding which password of mine is now compromised linked to my email id. What a freaking nightmare.
Here is an article on how bad Adobe's policy were with respect to password security.
http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
And here are the most popular passwords from the database:
 


Sushubh

Administrator
Messages
425,245
Location
Gurugram
They did last month I think. I definitely got the email. I think it was from an account I created to play with Acorbat.com service they launched few years ago.
The dump is 3.77GB big. Wondering if I should download it and search for my email id. I would get the encrypted version of my password. I wonder if I can find out what password it is by using MD5 converters?
Anyone technical enough to tell me if there is an easy way to convert mypassword to encrypted format that is available in this dump? :p
http://filippo.io/analyzing-the-adobe-leaked-passwords/ has some details.
 

Navjot Singh

Moderator
Messages
6,956
Location
Gurgaon
Oh okay. Maybe I don't remember.
Well according to above post they didn't hash the passwords. So a md5 decrypter won't help. Infact I don't think there is any point in doing that now.
 


Sushubh

Administrator
Messages
425,245
Location
Gurugram
I am not looking for a decrypter. I am looking for an encrypter :D
I mean... Let's say I have 3 common passwords...
ABCDEF
GHIJKLM
NOPQRST
I can encrypt all three of them and see which one matches the encrypted form in the dump. And then change that password from other important online services...
 

Navjot Singh

Moderator
Messages
6,956
Location
Gurgaon
Ah. Still you would need the ciphertext against which they were encrypted. I don't think the sites you mentioned above have managed to crack that. They just guessed the algorithm and found the most common passwords thanks to the obvious password hints.
 

Sushubh

Administrator
Messages
425,245
Location
Gurugram
hehe. guess so.
The latest update of LastPass is very solid. If you are not using some password manager, this is a good time to start using it!
 

Navjot Singh

Moderator
Messages
6,956
Location
Gurgaon
Can lastpass work with 2000+ saved pwds now?
Because everytime I have tried it, it crashes the browser. Why does it have to load all entries from inside a browser page?
 
Thread starter Similar threads Forum Replies Date
Sushubh Apps 8
IBF Apps 0
Sushubh Apps 1
Sushubh Apps 2
Sushubh Apps 103

Similar threads


Top