Pages: [1]   Go Down

Author Topic: Dear Colleagues, IMPORTANT security breach at ADOBE, please read, IMPORTANT  (Read 7911 times)

julienlanoo

  • Full Member
  • ***
  • Offline Offline
  • Posts: 228

Hi guys, Colleagues, Forumists,
This is important your personal data @ Adobe could be out in the wild! You might have to change your passwords and data on there.

i received a mail today from Evernote, stating a important security breach at Adobe ( read bellow)
It seems ligit , as it was send from an official evernote email address ( team@mail.evernote.com) , i dit a tracert on that URL and email address and also a "whois", it's a ligit email address from evernote.

It's fantastic that a completely different company has to tell us, "hey guys there's a problem" please check it, our service can be affected by that do !..

Thanks Adobe for NOT LETTING US KNOW, you had a problem that affects our personal data, ( visa, user rights etc etc), really thank you...
Fantastic service guys, really thank you!

For European Users, The European commission states 3 things: 1 - Every product sold in EU has to comply with EU law  ( Quality, service, protection,) 2- Privacy law states that all personal data collected has to be protected the appropriate way. 3- a contract is only vallid when it has been signed by the contract writer and taker ( signed as in by hand ).
So 2 and 3 are important here 2 -> not complied, 3-> Accepting terms and conditions online by clicking accept is in EU not a valid contract.

 

"Evernote
There were published reports recently of a security breach at Adobe that may have exposed private information, including Adobe passwords, email addresses and passwords hints of millions of users. The list of compromised Adobe accounts has been uploaded to the web. We compared this list to our user email addresses and found that the email address you used to register for an Evernote account is on the list of exposed Adobe accounts.

Evernote has not been compromised and is not connected to this incident, but if you used the same password for Adobe and Evernote, then you should change your Evernote password now.

Here are some additional tips for keeping your information in Evernote, and other websites, safe:


Avoid using simple passwords based on dictionary words

Never use the same password on multiple sites or services

Never click on ‘reset password’ requests in emails — instead go directly to the service
For additional security, you can set up Two-Step Verification for your Evernote account in Evernote Web Settings. For more information about Two-Step Verification, read our blog post:

http://blog.evernote.com/blog/2013/10/04/two-step-verification-available-to-all-users/

If you have any questions or concerns, Evernote Support is here to help.

The Evernote Security Team
"
Logged

haplo602

  • Newbie
  • *
  • Offline Offline
  • Posts: 43

If I read it correctly, Evernote just told you to check if you password for Adobe and Evernote is the same since you used the same email address to register. The Adobe attackers can try to use your Adobe credentials on your Evernote account. That's all there is to it.

It has nothing to do with a new breach at Adobe, just that Evernote did some due diligence and checked user data from the last one.
Logged

julienlanoo

  • Full Member
  • ***
  • Offline Offline
  • Posts: 228

No its in CASE that i ve got the same password, i havent but some may have the same..
So my Evernote password is NOT the same as Adobe's one, but some people use the same.

Actually that's not the point!

This means our Adobe acount info ( Visa, licensebs and so on ) are in the wild..
For instance " mine" as my account at Adobe apparently show up in the list ...

So i let other users and forum people know to check with Adobe, witch account exactly has been compromised, ( as you have cloud, Adobe account, Volume licence and so on).. And Adobe doesn't let us know witch one exactly has been attackt, we have to go and look for it our selfs and an other company has to let us know such an illegal list exists!

« Last Edit: November 22, 2013, 03:53:50 am by julienlanoo »
Logged

julienlanoo

  • Full Member
  • ***
  • Offline Offline
  • Posts: 228

This might help, : https://lastpass.com/adobe/
only i do not know if it's legit ... so wacht out
Logged

stamper

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 5882

This issue has been known for a few weeks and has been well covered on here and other places on the web. Have you been hibernating? I received a letter from Adobe [ UK ] outlining the problem and the "solution". Your use of Capitals may alarm some who think that a new problem has happened?  :-\

eronald

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 6642
    • My gallery on Instagram

At least we are sure the NSA got your password :)

Edmund
Logged
If you appreciate my blog posts help me by following on https://instagram.com/edmundronald

julienlanoo

  • Full Member
  • ***
  • Offline Offline
  • Posts: 228

@ stamper, Widely ?
Well as i am working all day, don't have time to search the web for a "probable" hypotethical problems...

One should expect some service from the company...
No letter, no email nothing over here..

Called Adobe, they told me " for us you are not affected" , 1 -> my account does show up in the list; 2-> even though, it might be nice to let everyone know.. Google it, quite easy to find the 10GB list in text file and just Apple F your email address..

Shurely if you take in count only 38 million mails and 150 million are affected some might not know!

I am just letting people know, please check that!

Any one wanting more info about how what where : http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
« Last Edit: November 22, 2013, 04:47:39 am by julienlanoo »
Logged

stamper

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 5882

@ stamper, Widely ?
Well as i am working all day, don't have time to search the web for a "probable" hypotethical problems...

You are a member here and imo the subject has been "done to death" on the forum. How could you have missed all of the posts? I think some - like me - will be a little irked when they click on the post expecting to see news of another "problem" and what they see is old news. :(

julienlanoo

  • Full Member
  • ***
  • Offline Offline
  • Posts: 228

@ Stamper, " fine, " delete the "F*ing" threat if it's that obsolete then as senior member you can do that can you ? ..
And while you at it, delete my account to .. 

Logged

jduncan

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 434

Hi,

Adobe was careless with the passwords in the sense that they store encrypted passwords instead of hashes. It's better practice to use non-related passwords on different sites, but most people use either the same passwords or variations of the same password. So the idea is to change any password that is related to the one used to access Adobe.


Best regards,
J. Duncan
Logged
english is not my first language, an I k

Christopher Sanderson

  • Sr. Member
  • ****
  • Offline Offline
  • Posts: 2693
    • photopxl.com
Re: Dear Colleagues, security breach at ADOBE...
« Reply #10 on: November 22, 2013, 04:22:40 pm »

Thanks for the OP's care & concern - I think we'll simply lock the topic before the f'ing & blinding gets too thick ))
Pages: [1]   Go Up