Most of us are aware of the security risks involved with using the same password for multiple accounts online. The recent security breach at Adobe is a good example for individuals who ignore the warnings.
Following a security breach at Adobe, Facebook locked some users out of their accounts due to the fact that their login credentials were exposed. Facebook users who used the same credentials will notice a security prompt when attempting to log in. The security prompt informs the user of a security incident occurring on another website unrelated to Facebook, explaining that their accounts are at risk because of the password.
The Facebook security message asks users to answer a few questions and change their password for their own protection. According to a blog post from Facebook security engineer Chris Long, “Through practice, we’ve become more efficient and effective at protecting accounts with credentials that have been leaked, and we use an automated process for securing those accounts.”
In October, Adobe announced that 2.9 million customers information was breached, including their log-in credentials for Adobe’s online services. Shortly after, a file containing 150 million Adobe user names and passwords appeared online, forcing the company to revise its estimation. Ultimately, Adobe estimated that the breach affected roughly 38 million active users.
In order to determine which users’ passwords were used for multiple accounts, Facebook and other companies scanned some of the leaked Adobe information to check for email and password pairs that match their own users.
“We used the plain text passwords that had already been worked out by researchers,” Chris Long said. “We took those recovered plaintext passwords and ran them through the same code that we use to check your [Facebook] password at login time.”