Adobe

We've been tracking the increasing volume of credential stuffing attacks targeting creative professionals, and a recent leak has amplified our concerns. While breaches at large tech companies are commonplace, the sheer volume of Adobe user data surfacing on underground forums is notable. What set this apart wasn't just the quantity of records, but the clear targeting of a specific user base known for its high value assets and reliance on cloud-based services. The exposed data appears to stem from a historical incident, but its continued circulation and potential for misuse demands immediate attention.

The 2013 Adobe Breach Resurfaces: 153 Million Records in Circulation

The compromised data, originating from the infamous 2013 Adobe breach, has resurfaced in readily accessible formats across multiple dark web forums and Telegram channels. While the breach itself is well-documented, the persistence of this data and its continued availability for malicious actors poses an ongoing threat. We first observed active discussions about the dataset on a popular hacking forum on October 26, 2023. The data was presented as a complete user database dump, sparking immediate interest and numerous download requests. The resurgence likely reflects the continued utility of these credentials for credential stuffing attacks against Adobe and related services, as well as potential use in identity theft and other fraudulent activities. This breach underscores the long-term risks associated with data breaches, even those that occurred years ago. The data had been circulating quietly, but we noticed a sharp uptick in mentions and shares across various platforms, indicating renewed interest from threat actors.

Breach Stats:

* Total records exposed: 153 million
* Types of data included: Usernames, hashed passwords (primarily salted MD5), email addresses, password hints, account creation dates.
* Sensitive content types: While not directly containing sensitive content, the potential for accessing creative projects, financial information linked to Adobe accounts, and PII makes this a high-risk breach.
* Source structure: Likely a database dump, now circulating as text files (usernames and passwords) and potentially SQL dumps.
* Leak location(s): Widely available on various dark web forums, Telegram channels, and file-sharing sites.

External Context & Supporting Evidence

The 2013 Adobe breach has been extensively reported on by numerous security news outlets. KrebsOnSecurity provided detailed coverage at the time of the breach, highlighting the company's initial response and the implications for users. Brian Krebs' reporting emphasized the use of weak hashing algorithms (MD5) for password storage, a significant factor contributing to the breach's severity.

Security researcher Troy Hunt added the leaked Adobe credentials to his Have I Been Pwned? database, allowing users to check if their accounts were compromised. This proactive step helped raise awareness and encouraged users to update their passwords.

Recent discussions on Reddit's r/DataHoarder subreddit indicate continued interest in the Adobe data dump, with users sharing links to the data and discussing methods for cracking the MD5 hashes. One user commented, "Still seeing hits from this in my password cracking rigs. A surprisingly high number of people haven't changed their passwords since 2013."