Things aren't getting much better for Adobe after the company endured a major security breach last month. If you believe the Sophos Naked Security blog, things may be far worse than originally thought. Adobe's initial estimate was that information on nearly 3 million user accounts was compromised during the intrusion. That number quickly ballooned up to 38 million. But according to Paul Ducklin at Naked Security, a database of Adobe user data has turned up online at a website frequented by cyber criminals. When all is said and done, Ducklin suggests Adobe's security blunder could rank among the worst in history. He says over 150 million "breached records" can be found in the database dump, which is a staggering 10GB when uncompressed. After analyzing a sample pool of records that were part of the leak, Sophos found that Adobe used some questionable encryption techniques.
For its part, Adobe is standing by its latest 38 million figure, and says that all impacted users have already been notified. The company was quick to reset passwords for everyone involved. Adobe says the perpetrators likely picked up "many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords, and test account data" in the breach, which may be playing a significant role in the huge total cited by Sophos. "We currently have no indication that there has been unauthorized activity on any Adobe ID account involved in the incident," a spokesperson tells The Verge. LastPass has set up an online tool to quickly find out if your email address is listed in the massive database.