Due to recent hacks on Adobe Systems, Boston University officials are encouraging affiliates with Adobe accounts to change their account passwords for personal protection, BU Information Security officials said.
Students with Adobe accounts, which are often used by students and faculty to download popular programs such as Photoshop, could potentially face hacks outside of Adobe if they used the same passwords for different online accounts on various sites, said Executive Director of Information Security Quinn Shamblin.
“The general problem is that people tend to use the same passwords and the same usernames across multiple systems,” he said. “So when Adobe was the victim of a hack earlier last month, the usernames and passwords that people used to register their Adobe products, and in some cases to buy their Adobe products, could potentially be the same username and password that they use everywhere else.”
The hackers are attempting to gain password information through a program they developed that decrypts passwords, Shamblin said. By matching the usernames to the decrypted passwords, the attackers attempt to use personal accounts to log into highly trafficked websites.
“It will do all of this automatically and very quickly,” he said. “If the person has reused the same password in multiple systems, the fact that their information was leaked out from Adobe exposes them to risk in other places.”
Potential targets for the hackers include sites such as Facebook, eBay, PayPal, Amazon, YouTube and Google, as well as all major banks and credit card companies, said Shamblin.
Even BU Kerberos accounts are at risk if users employed the same password for their Adobe account as they did for their Kerberos.
“It’s possible that those people used the same password [for Adobe] as they did for their accounts here at BU,” he said. “We know for a fact that some of them did, because the password hint said the word ‘Kerberos.’”
The hackers’ violations include accessing Adobe IDs and passwords as well as removing customer names, credit and debit card numbers, expiration dates and information regarding orders of more than 2.9 million customers, said Adobe Chief Security Officer Brad Arkin in a blog post on their website.
“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems,” he said in the post.
Victims of the hackings were notified and offered compensation, Arkin said.
“At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems,” he said. “We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”
Although Adobe officials are taking measures to fix this crisis, Shamblin said he cautions Adobe users at BU to protect themselves from hackers by changing the passwords to their Adobe accounts as well as any other online accounts with the same password, especially accounts that may have user credit card information on file.
“It’s human nature for us to try to simplify our lives, so many people use the same password all over the place,” he said. “So they need to go change it all over the place. If they change the password, they probably will be protected, because the stolen information will not allow the hackers to get in there and do anything with the account.”
Despite the issues in the Adobe database, Shamblin said it is not necessary for anyone to delete Adobe accounts. As long as users take necessary precautions to protect themselves, BU affiliates are safe to continue using Adobe products and services.
“Adobe is a good company,” he said. “They do a lot of good stuff, but unfortunately, there’s some small issues that they had, and they were the victims of this attack. That puts the rest of us at risk, and we need to take some action to help protect ourselves.”
This is an account occasionally used by the Daily Free Press editors to post archived posts from previous iterations of the site or otherwise for special circumstance publications. See authorship info on the byline at the top of the page.
