Adobe, which recently suffered a severe security breach, has admitted that alerting affected users is ‘taking longer than expected’.
Adobe came across evidence that its systems were breached on September 17 and went public about the hack on September 3. At the time, Adobe revealed that it had initiated the process of notifying all the affected users. Adobe initially claimed that the hackers, who made off with source code for some of its software, also stole details of 38 million users.
In an emailed statement to Reuters, Adobe spokesperson Heather Edell revealed that “Email notifications are taking longer than we anticipated.” The delay is the result of a cap on the number of emails that can be sent at one time, imposed to keep those emails from being marked as spam. According to Edell, only 2.9 million affected users have been informed to date, some through emails and some through letters.
Data dumps of stolen information believed to be from Adobe indicate that the hack was far more severe and involved the theft of details of over 150 million users. Adobe has downplayed this number by claiming that 25 million records contained invalid email addresses, while 18 million have since changed their passwords. Further, the company has also claimed that the user records were stolen from a server that was about to be decommissioned and didn’t have up-to-date information.
Security companies have analyzed the data dumps and have even pointed out the top 100 most common passwords used by Adobe customers. Security experts have criticized the company for not enforcing any minimum password quality requirements, as passwords such as ‘123456’, ‘123456789’, ‘password’ and ‘adobe123’ were being used by hundreds of thousands of Adobe users.
Facebook and Evernote have analyzed the data dumps on their own and have asked users who used the same email address and password combination on both services to change their passwords for security reasons.