Facebook protects users following Adobe hack attack
Published: 13th Nov 2013 12:55:41
Facebook has acted to protect users it suspects have been compromised by the recent theft of Adobe log-ins.
The social network is asking those identified to answer security questions before granting them access.
Online retailers Diapers.com and Soap.com are among other sites to have tried to pinpoint members who used the same email-password combinations.
Adobe said in October that details from at least 38 million accounts had been stolen in a security breach.
The software firm - which makes Photoshop and the Flash plug-in - had encrypted the accounts' passwords, but not their usernames or password hints.
Security researchers have since demonstrated that this information could be used to expose at least some of the Adobe account holders' details.
News of the protective steps being taken by Facebook were first reported by investigative reporter Brian Krebs on his blog. The firm has since confirmed to the BBC that the details are accurate.
Affected members are presented with a message warning that their account may have been accessed by someone else following the attack on Adobe.
"Facebook was not directly affected by the incident, but your Facebook account is at risk because you were using the same password in both places," it states.
"To secure your account, you'll need to answer a few questions and change your password. For your protection, no-one can see you on Facebook until you finish."
Chris Long, a member of Facebook's security team, said it had developed an automated process to tackle situations like this.
It works by taking the Adobe passwords that third-party researchers had managed to unencrypt and running them through the "hashing" code used by Facebook to protect its own log-ins.
Hashing involves using an algorithm to convert a plaintext password into an unrecognisable string of characters. Utilising the tool means a service does not need to keep a record of the password in its original form.
Although the process is designed to be irreversible - meaning a hacker should not be able to reverse-engineer the technique to expose the credentials - it does have the same effect each time, meaning the same original entry would always result in the same hashed code.
Facebook took advantage of this to scan through its own records to see which of its users' hashed passwords matched those of Adobe's and had overlapping email addresses.
"Through practice, we've become more efficient and effective at protecting accounts with credentials that have been leaked," said Mr Long.
The details have coincided with news of a fresh hack attack.
The latest target was MacRumors.com - a site used to discuss leaks and speculation about future Apple products.
The site's administrator, Arnold Kim, has suggested its 860,000 users change their log-ins both for the website and any other services where they used matching credentials.
Although MacRumors had hashed the log-ins, Mr Kim acknowledged the process used was "not that strong, so assume your password can be determined with time".
One expert said this latest breach should be a wake-up call to anyone still using identical log-ins for different services.
"Users have two options," said Mikko Hypponen, chief research officer at security advisers F-Secure.
"Either remember a variety of passwords or use a password management tool - software that manages your passwords for you so you only need to remember one master password for the tool, and it then recalls and enters the credentials for you - I recommend the latter."
At 22:00:20 in PoliticsThe zero-hours contract - alongside the payday loan and the bad bank - has gained a kind of totemic significance in the public imagination.
At 22:00:03 in ScotlandScottish independence would leave working people north and south of the border worse off, Ed Miliband has claimed.
At 21:50:40 in BusinessInternet retailer Amazon reported a 32% jump in profits to $108m (£64m) in the first quarter of 2014.
At 21:48:30 in EnglandPolice have carried out a series of raids in east London, following a BBC London investigation into shops willing to deal in stolen smartphones.
At 21:47:39 in BusinessMicrosoft reported net profit of $5.66bn (£3.37bn) in the first quarter, a decline from the same period last year but better than market estimates.
At 21:45:57 in SportGreat Britain beat the Netherlands 4-3 in their latest World Championship Division 1 Group B outing in Vilnius.
At 21:34:40 in SportThe Scottish Professional Football League will look into allegations that a Kilmarnock player's signature was forged on a contract.
At 21:11:26 in EnglandA farmer accused of manslaughter after a walker was killed by his bull has denied that the animal was aggressive.
At 21:09:55 in SportJurgen Klopp has ruled himself out of contention to become the next manager of Manchester United.
At 20:52:56 in WalesA 15 year-old girl has been cut free after becoming trapped in a children's swing in a park in Denbighshire.
Harvard CitationBBC News, 2013. Facebook protects users following Adobe hack attack [Online] (Updated 13th Nov 2013)
Available at: http://www.ukwirednews.com/news/1520757/Facebook-protects-users-following-Adobe-hack-attack [Accessed 24th Apr 2014]
News In Other Categories
With the doors to its brand new £1million training centre officially open, one of the UK's leading apprentice training providers, Bristol based S&B Automotive Academy, is showcasing its world-class facilities by launching a series of foreign student exchanges for the first time in its 41-year history. To get a flavour of what life is like as an apprentice in the UK, the Academy hosted 16 apprentice engineers and bus drivers from the G9 Automotive College in Hamburg, Germany, as part of a Europe-wide vocational training initiative called the ‘Leonardo Programme’ with support from the European Social Fund. In a reciprocal arrangement, S&B will be sending nine apprentices to Germany during February 2012 so that they can get an appreciation of life in the automotive industry on the Continent. A further three German exchange groups are being planned for next year. Designed to assist the development of vocational skills and training across Europe, including work placements for trainees, the Leonardo Programme has a budget of €1.75bn, which is helping to encourage UK organisations to work with their counterparts abroad. In what is expected to be another challenging year for employers in the UK automotive sector, S&B’s Chief Executive, Jon Winter, claims that the exchange initiative will bring many benefits to the Academy and its apprentices: “In a world of global automotive brands, it’s important for our learners to understand the international context of the industry they have chosen to make their career. This new exchange programme will enable apprentices and Academy staff alike to achieve a better understanding of the challenges and opportunities within the automotive arena in Europe. With the Academy’s influence also extending to the USA and Asia, there’s every possibility that this initiative could move further afield in the future.” Continued Winter: “The need for skilled technicians across the world is on the increase and we actively encourage our apprentices to look at broader horizons during their training. Many of them have already learned the phrase ‘Vorsprung durch Gelehrtheit’, quite simply, ‘Advancement through learning.” In the 2010/11 academic year, S&B doubled the number of successful Apprenticeships over the previous year with some 350 apprentices graduating from the Academy. At the same time, achievement levels reached an all-time high with an overall success rate of 85%. For those learners on the Advanced Apprenticeship three-year programme, success rates were even higher, at over 98%. PHOTO CAPTION: As part of their exchange visit, S&B Automotive Academy arranged for the German apprentices to visit Hampshire bus operator, Bluestar, at its Barton Park depot. The students are pictured with S&B’s Andy West (3rd right) and Steve Prewett, Bluestar’s Area Engineering Manager (2nd right). Ends http://www.sandbaa.com
Great Britain beat the Netherlands 4-3 in their latest World Championship Division 1 Group B outing in Vilnius.
The zero-hours contract - alongside the payday loan and the bad bank - has gained a kind of totemic significance in the public imagination.
Internet retailer Amazon reported a 32% jump in profits to $108m (£64m) in the first quarter of 2014.
A 15 year-old girl has been cut free after becoming trapped in a children's swing in a park in Denbighshire.
Director Peter Jackson has changed the title of the final film in his Hobbit trilogy from There and Back Again to The Battle of the Five Armies.