If you have an Adobe account, beware: you should change your password and keep a closer-than-usual eye on your credit report and other financial activities.
Last month Adobe admitted it had suffered a major cyber attack that compromised the data of 2.9 million users; in addition to passwords and email information, that compromised data might also have included customers’ debit or credit card information.
It gets worse. Adobe’s initial report of 2.9 million compromised data accounts was bad enough, but three weeks later, on Oct. 29, Adobe revised the estimate upward to 38 million accounts., over 10 times higher than their original number.
Then, on Nov. 4, Paul Ducklin at Sophos’ Naked Security blog reported that data from over 150 million hacked Adobe accounts had appeared online.
Adobe, however, is sticking to its earlier 38 million figure. But tech and computer security journalists everywhere from GeekWire to the Guardian seem to believe Ducklin over Adobe. This is an important point of contention because Adobe said it has sent warning letters to, and arranged credit alerts for, all customers whose data has been compromised—presumably, to 38 million people. But if Ducklin’s is the correct number, that leaves an additional 112 million Adobe customers at risk and unaware of it.
LastPass has created an online tool Adobe customers can use to see if their emails have been compromised—and it’s worth noting that LastPass thus far says it hasn’t noticed any signs of unauthorized activity in any Adobe user’s emails.
We’re not tech-security experts; if you’re a concerned Adobe user, the tech articles we’ve linked to here offer far more specific advice than we can. However, we do have some generalized online security tips that all people, not just Adobe users, should keep in mind.
If a hacker breaches the database of a company that has your personal information, well, there’s really nothing you can do to prevent that. Even adopting a Luddite lifestyle — “I will never ever buy anything, or undergo any financial transaction, online!”— offers no guarantees. (We personally had to put a credit alert on our accounts a few years ago, after somebody working for our state’s tax-collection bureaucracy lost a laptop computer loaded with the names, Social Security numbers and other information about tens of thousands of state taxpayers, including us.)
But what you can do — what you should do — is conduct your online affairs so that the damage from any one company data breach will be limited to your activities with that company.
For example: never use the same password for more than one account. Some people, for simplicity’s sake, like to use a single password for everything: online email, online banking, online shopping, maybe an online chat forum or two. That definitely makes it easier for you to remember your passwords — and also means a hacker who breaches one of your accounts gets access to all of them.
If you only have a few regular online activities, you might also consider opening a separate web-based email account for each one: use this email address to register for Facebook, use that email for shopping at Amazon. (Confession: we don’t strictly follow that advice ourselves, because we have too many online accounts; however, we do limit ourselves to only two or three accounts per email address.)
And every few days or so, you might try typing terms like “hacker” or “compromised data” into an online news search engine, and see what recent stories pop up; if you read the names of companies with whom you have an account, that’s when you know to be extra-vigilant.