Norman Safeground Blogs

insight, opinion & information

 
 

What does hacked information look like? Adobe edition

HackingWhen a criminal hacks a business’s website, the company typically asks users to change their passwords and then pleads with customers to keep using their services. But – as customers – we’re never entirely sure what information of ours has been exposed.

However, when Adobe, the company behind the Photoshop software that makes magazine models unrealistically attractive, was hacked, something different happened: the data was leaked online. While this is worse for Adobe customers, it means we can talk you through what data hackers go for when exploiting a website, so you can judge for yourself how much of a threat it is.

Under-reporting is a real concern

To start with, Adobe appear to be under-reporting the extent of the hack. Originally, it was claimed that around 38 million accounts were at risk, but research from Colin Keigher of afreak.ca suggests that the number could be nearly five times greater: 153 million!

It’s not like anyone thought 38 million was a small number in the first place, but 153 million is a gargantuan hack. If the second number is actually true, it’s shocking how incorrect the initial estimate was.

In general, the more data a company admits to having lost, the worse it is for the company. Therefore they may report the lowest possible numbers they can. If a service you use is hacked, it can’t hurt to act more cautiously than the company advises.

Not enough salt

The safest method for a company to store a password is by attaching a unique “salt” to each one. Salts are pieces of information added to passwords to make them harder to crack, should they be stolen from a company.

Companies store passwords a bit like how children create secrets codes. In simplistic terms, each letter and symbol is assigned to to a different one, to make it impossible to just read the password:

A = C, B = Z, C = R, D = M, etc.

In addition to this encryption, a “salt” is also added. Salts add additional information to the end of these secret codes, making them ever harder to understand. For example, a password might change from “DSgdfgHFFghfhFHFG” when it is encoded, to “DSgdfgHFFghfhFHFGsdfsgdfgd” with the salt added. This makes it very difficult for hackers to know where the password stops and the “salt” begins.

The problem is that some companies – like Adobe – use a single, “global” salt. This means that if someone steals many passwords, the salt starts to look obvious:

DSgdfgHFFghfhFHFGsdfsgdfgd
dSFRGGDFvdFDEHTsdfsgdfgd
SDFdfvdfbfgbfrrtgrgrgrsdfsgdfgd
dfWTE%5gr5RFR4grgrsdfsgdfgd

Can you see where the salt is? This makes the salt almost useless. Therefore the Adobe hack means your password is much more vulnerable than if a company was using “unique” salts. Unique salts ensure that there is a new code for each password, so you can’t tell where the salt begins or ends, even if you have every password:

DSgdfgHFFghfhFHFGd33dwef4f
dSFRGGDFvdFDEHTvrfgg5g5g45
SDFdfvdfbfgbfrrtgrgrgrg5g4g545
dfWTE%5gr5RFR4grg5y^J&J^&*i

Obviously, the unique salts are much more secure.

Only by looking at the hacked data can we work out that Adobe used a global salt, meaning that our passwords are quite insecure in the hacked data. And if you use the same password for every online service (you shouldn’t), the password could be discovered and used on your other accounts.

Easy reading for hackers

Finally, the leaked Adobe information means that we can see exactly what the hackers see, which is information in this format:

103251449-|–|-[...]@yahoo.co.jp-|-hbpRGiyyvW0Ix+w38j30rA==-|-password|–
103251644-|–|-[...]@yahoo.com-|-7ZANzFDeVNU=-|-only password|–
103251834-|–|-[...]@seznam.cz-|-L8qbAD3jl3jioxG6CatHBw==-|-? password|–
103252332-|–|-[...]@yahoo.com-|-N/Bo4qtibWs=-|-where is my password?|–
103252463-|–|-[...]@aol.com-|-//mMaopP+fE=-|-habbo password|–
103252538-|–|-[...]@yahoo.com-|-8rGaJa+8UUSY41q03G/5+A==-|-real password|–
103252720-|–|-[...]@gmail.com-|-YQR6szpR2NTioxG6CatHBw==-|-gmail password|–
103253089-|–|-[...]@yahoo.co.uk-|-rFB6XOjEj1S/hiuNpU1UXA==-|-password|–
103253394-|–|-[...]@gmail.com-|-aK1lx9gGXIyTrmSEaSpL2A==-|-password|–
(data from afreak.ca)

The […] replaces real email addresses that are available to the hackers, while the big mix of letters – hbpRGiyyvW0Ix+w38j30rA – represents an encoded password. Finally, the secret question is not encrypted at all, and you can even see that someone has admitted that their Adobe password is also their Gmail one – a security nightmare!

We hope the above information shows you that the hacking of big companies can be a big, scary thing, especially if you’ve got a secret question which easily reveals your password. As we’ve said before, it can be annoying, but taking time to care about your security is very important.

Data from: https://afreak.ca/blog/what-is-known-about-the-adobe-breach-now-and-what-is-in-store/

Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 

 
Norman

The Author:

Made up of various contributors' opinions and insights - the power of the collective.

For Consumption Bloggers

Norman Safeground Blogs Archive