Facebook protects users following Adobe hack attack
Published: 13th Nov 2013 12:55:41
Facebook has acted to protect users it suspects have been compromised by the recent theft of Adobe log-ins.
The social network is asking those identified to answer security questions before granting them access.
Online retailers Diapers.com and Soap.com are among other sites to have tried to pinpoint members who used the same email-password combinations.
Adobe said in October that details from at least 38 million accounts had been stolen in a security breach.
The software firm - which makes Photoshop and the Flash plug-in - had encrypted the accounts' passwords, but not their usernames or password hints.
Security researchers have since demonstrated that this information could be used to expose at least some of the Adobe account holders' details.
News of the protective steps being taken by Facebook was first reported by investigative reporter Brian Krebs on his blog. The firm has since confirmed to the BBC that the details are accurate.
Affected members are presented with a message warning that their account may have been accessed by someone else following the attack on Adobe.
"Facebook was not directly affected by the incident, but your Facebook account is at risk because you were using the same password in both places," it states.
"To secure your account, you'll need to answer a few questions and change your password. For your protection, no-one can see you on Facebook until you finish."
Chris Long, a member of Facebook's security team, said it had developed an automated process to tackle situations like this.
It works by taking the Adobe passwords that third-party researchers had managed to unencrypt and running them through the "hashing" code used by Facebook to protect its own log-ins.
Hashing involves using an algorithm to convert a plaintext password into an unrecognisable string of characters. Utilising the tool means a service does not need to keep a record of the password in its original form.
Although the process is designed to be irreversible - meaning a hacker should not be able to reverse-engineer the technique to expose the credentials - it does have the same effect each time, meaning the same original entry would always result in the same hashed code.
Facebook took advantage of this to scan through its own records to see which of its users' hashed passwords matched those of Adobe's and had overlapping email addresses.
"Through practice, we've become more efficient and effective at protecting accounts with credentials that have been leaked," said Mr Long.
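The matching process described above can be sketched as follows. This is an added example, not Facebook's code: the article does not say which hashing scheme Facebook uses, so the per-user salted PBKDF2 hash, the function names and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """The site's own password hash (assumed: salted PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def normalise(email: str) -> str:
    """Compare email addresses case-insensitively, ignoring stray whitespace."""
    return email.strip().lower()


def make_user(email: str, password: str) -> dict:
    """Build a stored account record; only the salt and hash are kept."""
    salt = os.urandom(16)
    return {"email": normalise(email), "salt": salt,
            "hash": hash_password(password, salt), "locked": False}


def find_reused(users: dict, leaked: list) -> list:
    """Return emails whose stored hash matches a recovered leaked password."""
    at_risk = []
    for email, plaintext in leaked:
        user = users.get(normalise(email))
        if user is None:
            continue  # no overlapping email address on this site
        # Same input and same salt always give the same hash, so the leaked
        # plaintext can be tested without ever storing the user's password.
        candidate = hash_password(plaintext, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):
            user["locked"] = True  # require security questions + new password
            at_risk.append(user["email"])
    return sorted(set(at_risk))


# Constructed sample data: three local accounts and four leaked pairs.
USERS = {u["email"]: u for u in (
    make_user("alice@example.com", "photoshop1"),
    make_user("bob@example.com", "unique-to-this-site"),
    make_user("carol@example.com", "123456"),
)}
LEAKED = [("Alice@Example.com", "photoshop1"), ("bob@example.com", "adobe123"),
          ("dave@example.com", "123456"), ("carol@example.com ", "123456")]

if __name__ == "__main__":
    print(find_reused(USERS, LEAKED))
```

Only accounts where both the email address and the password overlap are flagged; an account with a matching email but a different password is left untouched.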
The details have coincided with news of a fresh hack attack.
The latest target was MacRumors.com - a site used to discuss leaks and speculation about future Apple products.
The site's administrator, Arnold Kim, has suggested its 860,000 users change their log-ins both for the website and any other services where they used matching credentials.
Although MacRumors had hashed the log-ins, Mr Kim acknowledged the process used was "not that strong, so assume your password can be determined with time".
One expert said this latest breach should be a wake-up call to anyone still using identical log-ins for different services.
"Users have two options," said Mikko Hypponen, chief research officer at security advisers F-Secure.
"Either remember a variety of passwords or use a password management tool - software that manages your passwords for you so you only need to remember one master password for the tool, and it then recalls and enters the credentials for you - I recommend the latter."
Harvard Citation: BBC News, 2013. Facebook protects users following Adobe hack attack [Online] (Updated 13th Nov 2013)
Available at: http://www.ukwirednews.com/news/1520757/Facebook-protects-users-following-Adobe-hack-attack [Accessed 13th Jul 2014]