The millions of passwords stolen by hackers in the massive breach of Adobe reported last month were not stored using best practices for security, making them easier to crack.
(Adobe breach compromised more than 38 million users)
Adobe admitted the passwords stolen were not hashed, but encrypted, making them more vulnerable to brute-force cracking attempts. The hackers breached a backup system that had not been upgraded with current password protection.
“This system was not the subject of the attack we publicly disclosed on Oct. 3, 2013. The authentication system involved in the attack was a backup system and was designated to be decommissioned,” Adobe spokesperson Heather Edell told CSO. “The system involved in the attack used Triple DES encryption to protect all password information stored.”
(What was reported earlier: Adobe deals with data breach affecting 2.9 million customers)
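The distinction the article draws between encrypted and hashed passwords can be seen in how a hashed record is built and checked. The sketch below is an added example, not code from Adobe or from this article: it stores a salted, slow, one-way PBKDF2 hash, and re-hashes an outdated record at the next successful login so that an older system does not lag behind current protection. The record format, function names and iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$hash (one-way, no key)."""
    salt = os.urandom(16)  # per-user random salt: equal passwords give different records
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"{SCHEME}${iterations}${b64(salt)}${b64(dk)}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the candidate password; nothing is ever decrypted."""
    try:
        scheme, iters, salt_b64, dk_b64 = record.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    except (ValueError, OverflowError):  # malformed record: fail closed
        return False
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def needs_upgrade(record: str) -> bool:
    """True when a record was written with a weaker work factor than the current one."""
    parts = record.split("$")
    return len(parts) != 4 or parts[0] != SCHEME or int(parts[1]) < CURRENT_ITERATIONS


def login(password: str, record: str) -> tuple[bool, str]:
    """Verify, and on success return a re-hashed record if the stored one is outdated."""
    if not verify_password(password, record):
        return False, record
    return True, hash_password(password) if needs_upgrade(record) else record


if __name__ == "__main__":
    legacy = hash_password("constructed-sample-pw", iterations=1_000)  # constructed legacy record
    ok, upgraded = login("constructed-sample-pw", legacy)
    print(ok, needs_upgrade(legacy), needs_upgrade(upgraded))
```

Because each record carries its own salt and work factor, two users with the same password get different stored values, and there is no key whose theft would reveal every password at once.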