Ask HN: Was the Adobe account dump cracked?
On Christmas I received a notification from Humble Bundle that my e-mail address was changed to a ".ru" account. I instantly realized that I'd missed that account when I changed all my passwords after the Adobe breach. That account was using the same e-mail/password combination which I used with Adobe. Given that this was a fairly long and non-obvious password, I have to conclude that the encryption key was either stolen along with all of the passwords, or that it was cracked. Is this a false conclusion? Has anyone seen any other evidence that the key has been cracked/leaked?
As an aside, I got the account back. After Humble Bundle failed to respond to my support requests, I googled the e-mail address and the only result was a list of cracked e-mail accounts and their passwords. I tried the password. I was able to log in, successfully reset my password, and reset my account's e-mail address back to my own. I was briefly tempted to seek revenge, but I have a feeling this account is in no way associated with the original attacker. Instead I believe it was just mined for its goodies (I see a bunch of password reset messages), and then used as a burner.
0 comments
[ 3.0 ms ] story [ 10.7 ms ] threadNo comments yet.