The millions of passwords stolen by hackers in the massive breach of Adobe reported last month were not stored using best practices for security, making them easier to crack.

(Adobe breach compromised more than 38 million users)

Adobe admitted the passwords stolen were not hashed, but encrypted, making them more vulnerable to brute-force cracking attempts. The hackers breached a backup system that had not been upgraded with current password protection.

“This system was not the subject of the attack we publicly disclosed on Oct. 3, 2013. The authentication system involved in the attack was a backup system and was designated to be decommissioned,” Adobe spokesperson Heather Edell told CSO. “The system involved in the attack used Triple DES encryption to protect all password information stored.”

(What was reported earlier: Adobe deals with data breach affecting 2.9 million customers)

About Rob Marvin

Rob Marvin has been covering the software development and technology industry as Online & Social Media Editor at SD Times since July 2013. He is a 2013 graduate of the S.I. Newhouse School of Public Communications at Syracuse University with dual degrees in Magazine Journalism and Psychology. Rob enjoys writing about anything and everything, from features, entertainment, news and culture to his current work covering the software development industry.