Credit where credit is due:
Nov. 12th, 2013 02:47 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
theweaselkingFacebook is doing something very clever. You've all heard about legendarily-incompetent company Adobe's most recent security breach? If not, short version: they lost 150 million sets of user data, poorly encrypted.
Well, what Facebook's done is grabbed the list, and for every email address in Adobe's database that has a Facebook account, they've tried the matching Adobe password against it. And if the passwords match, they've disabled the account and forced a password change. Because even though your Facebook password wasn't compromised, your Adobe password was and *you used the same password in both places*.
This is quite clever. Krebs notes that a couple of other sites are doing the same thing, and, really, more sites should.
Well, what Facebook's done is grabbed the list, and for every email address in Adobe's database that has a Facebook account, they've tried the matching Adobe password against it. And if the passwords match, they've disabled the account and forced a password change. Because even though your Facebook password wasn't compromised, your Adobe password was and *you used the same password in both places*.
This is quite clever. Krebs notes that a couple of other sites are doing the same thing, and, really, more sites should.