If you log in to Facebook over the next few days and weeks, you might get this message asking you to change your password:
Note that the message says that “no one can see you on Facebook” until your password has been changed.
Facebook is asking millions of people to change their passwords if they had an account with Adobe, the content creation and cloud marketing company. Adobe was hacked recently and up to 150 million passwords were exposed.
Facebook is taking those exposed passwords and searching its system to find users who may have used the same password for Facebook. Those people will be asked to change their passwords.
The password crisis was triggered because Adobe apparently used only one encryption key for all its stored customer passwords, according to Krebs On Security:
What’s more, experts say Adobe appears to have used a single encryption key to scramble all of the leaked user credentials, meaning that anyone who computes, guesses or acquires the decryption key immediately gets access to all the passwords in the database.
The Adobe password hack is causing a huge headache all across the web. At first, it seemed that just a few million passwords had been stolen. But then that estimate increased to 38 million. And Krebs said the total universe of compromised passwords could be as high as 150 million.
So Amazon, Diapers.com and Microsoft are struggling with the same issue: The Adobe password cache is so massive that there are likely multiple millions of users with accounts at other companies who used identical passwords. Because the hackers can match passwords to IDs (email, for instance), anyone who used the same password at Adobe for any other online company is now potentially screwed.
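The kind of check described above, where a site looks for its own users whose password matches one exposed elsewhere, can be sketched as follows. This is an added example, not Facebook's code: it assumes the site stores a per-user salt with a PBKDF2 hash and has a list of exposed email and password pairs, and every name and sample value in it is constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def normalize(email: str) -> str:
    return email.strip().lower()


def hash_password(password: str, salt: bytes) -> bytes:
    # One-way, salted hash: unlike a single shared encryption key,
    # there is no key whose loss reveals every stored password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_account(email: str, password: str) -> dict:
    salt = os.urandom(16)  # unique per account
    return {"email": normalize(email), "salt": salt,
            "hash": hash_password(password, salt), "must_reset": False}


def flag_reused_credentials(accounts: dict, leaked_pairs) -> list:
    """Mark accounts whose current password equals the one exposed for the
    same email address. Returns the emails newly flagged for a forced reset."""
    flagged = []
    for email, leaked_password in leaked_pairs:
        record = accounts.get(normalize(email))
        if record is None or record["must_reset"]:
            continue  # no account here, or already flagged
        # Re-hash the exposed password with this account's own salt, then
        # compare in constant time. Salting means the match has to be done
        # per account rather than by searching for a hash value.
        candidate = hash_password(leaked_password, record["salt"])
        if hmac.compare_digest(candidate, record["hash"]):
            record["must_reset"] = True
            flagged.append(record["email"])
    return flagged


if __name__ == "__main__":
    # Constructed sample data, not taken from any real breach.
    accounts = {a["email"]: a for a in (
        make_account("alice@example.com", "sunshine2013"),
        make_account("bob@example.com", "unique-to-this-site-7"),
    )}
    leaked = [("Alice@Example.com ", "sunshine2013"),
              ("bob@example.com", "other-site-pass"),
              ("carol@example.com", "whatever")]
    print(flag_reused_credentials(accounts, leaked))
```
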