Sushubh

Admin
Staff member
Messages
381,503
Location
Gurgaon
ISP
Excitel
Airtel
https://lastpass.com/adobe
If you ever created an account on Adobe.com or connected service... This is a good time to use this tool to find out if your password is floating around on the web for anyone to pick up.
 

Navjot Singh

Admin
Staff member
Messages
11,466
Location
Gurgaon
ISP
Airtel
Your Adobe account was one of the ones that was compromised.We have sent an email to you with instructions on how to obtain your Adobe password hint.We strongly urge you to follow our recommendations and immediately change your Adobe and related passwords!!
Damn!
That's another thing that I haven't received any email from lastpass.
 

Sushubh

Admin
Staff member
Messages
381,503
Location
Gurgaon
ISP
Excitel
Airtel
My account was compromised. I changed the password. Problem? I don't remember what password I used for the original account. It was not saved on LastPass so could not find it in the local database.
So, I have no way of finding which password of mine is now compromised linked to my email id. What a freaking nightmare.
Here is an article on how bad Adobe's policy were with respect to password security.
http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
And here are the most popular passwords from the database:
 

Sushubh

Admin
Staff member
Messages
381,503
Location
Gurgaon
ISP
Excitel
Airtel
They did last month I think. I definitely got the email. I think it was from an account I created to play with Acorbat.com service they launched few years ago.
The dump is 3.77GB big. Wondering if I should download it and search for my email id. I would get the encrypted version of my password. I wonder if I can find out what password it is by using MD5 converters?
Anyone technical enough to tell me if there is an easy way to convert mypassword to encrypted format that is available in this dump? :p
http://filippo.io/analyzing-the-adobe-leaked-passwords/ has some details.
 


Navjot Singh

Admin
Staff member
Messages
11,466
Location
Gurgaon
ISP
Airtel
Oh okay. Maybe I don't remember.
Well according to above post they didn't hash the passwords. So a md5 decrypter won't help. Infact I don't think there is any point in doing that now.
 

Sushubh

Admin
Staff member
Messages
381,503
Location
Gurgaon
ISP
Excitel
Airtel
I am not looking for a decrypter. I am looking for an encrypter :D
I mean... Let's say I have 3 common passwords...
ABCDEF
GHIJKLM
NOPQRST
I can encrypt all three of them and see which one matches the encrypted form in the dump. And then change that password from other important online services...
 

Navjot Singh

Admin
Staff member
Messages
11,466
Location
Gurgaon
ISP
Airtel
Ah. Still you would need the ciphertext against which they were encrypted. I don't think the sites you mentioned above have managed to crack that. They just guessed the algorithm and found the most common passwords thanks to the obvious password hints.
 

Sushubh

Admin
Staff member
Messages
381,503
Location
Gurgaon
ISP
Excitel
Airtel
hehe. guess so.
The latest update of LastPass is very solid. If you are not using some password manager, this is a good time to start using it!
 

Navjot Singh

Admin
Staff member
Messages
11,466
Location
Gurgaon
ISP
Airtel
Can lastpass work with 2000+ saved pwds now?
Because everytime I have tried it, it crashes the browser. Why does it have to load all entries from inside a browser page?
 

Sushubh

Admin
Staff member
Messages
381,503
Location
Gurgaon
ISP
Excitel
Airtel
:D I have no clue. My database is quite large but not sure if it is 2000 passwords large. I am sure you can start fresh with it. And save new passwords as you login to services.
 

Navjot Singh

Admin
Staff member
Messages
11,466
Location
Gurgaon
ISP
Airtel
Starting fresh would be a pain now.
I prefer Roboform. It saves all entries to the hard disk(I am using Dropbox folder). So I get sync plus locally saved data. Plus it has its own online sync option which allows me to use the service even from public computers.
 

Sushubh

Admin
Staff member
Messages
381,503
Location
Gurgaon
ISP
Excitel
Airtel
LastPass 3.1.0 released with a bunch of feature enhancements
New: Android – security challenge in appNew: Cross domain form submissions now warn users when data is filledNew: Enterprise – Add Dropbox and Amazon AWS SAML supportNew: Enterprise – Automatically assign missing shared folders for AD provisioned accountsNew: LastApp – support for IBM iAccess and similar mainframe terminal emulatorsNew: Android – suggestions appear when typing in browser url fieldNew: *BETA* feature – Premium users can choose to host their site data in Europe and utilize LastPass.eu instead of LastPass.comImproved: General – more accurate site fillingImproved: Premium – Resend/automatically reissue family shared folder requestsImproved: Enterprise – Better SAML + AD integrationFixed: IE – fixed several bugs with field iconsFixed: IE – significant performance improvementsFixed: Chrome – view attachment fixedFixed: Enterprise – log shared folder activity when shared outside enterpriseFixed: Android – autologin fixed