More than a month after Adobe suffered a massive security breach, Facebook is pushing users to update their password and security settings.

Though Facebook was not directly involved in the Adobe hack, the social network is taking precautions for those members who used the same email and passcode sequence for Facebook and Adobe.

"We actively look for situations where the accounts of people who use Facebook could be at risk  even if the threat is external to our service," a Facebook spokesman told PCMag. "When we find these situations, we present messages to people to help them secure their accounts."

According to that notice, users must answer additional security questions and change their password. "For your protection, no one can see you on Facebook until you finish," the message (below) reads.

Early last month, Adobe revealed that it had recently suffered a massive security breach which compromised the IDs, passwords, and credit card information of nearly 3 million customers, as well as login data for an undetermined number of accounts.

The organization later amended its estimate, increasing the original number from nearly 3 million to 38 million. As reported by security reporter Brian Krebs, the breach may have impacted even more people  closer to 150 million Adobe users.

According to an Adobe spokesman, the company has reset passwords for all users whose credentials were in the hacked database. Customers have also been urged to change their passwords for any website on which they use the same ID and code  like Facebook.

"Adobe welcomes the initiative taken by Facebook and other service providers to reset user passwords as a precaution in an effort to help protect our mutual customers," the spokesman said in a statement.

Facebook security engineer Chris Long chimed in on Krebs's blog, offering behind-the-scenes clarity about the situation.

"We used the plaintext passwords that had already been worked out by researchers," he explained. "We took those recovered plaintext passwords and ran them through the same code that we use to check your password at login time."

"We're proactive about finding sources of compromised passwords on the Internet. Through practice, we've become more efficient and effective at protecting accounts with credentials that have been leaked, and we use an automated process for securing those accounts," Long said.

Additionally, Krebs reported on Monday that Adobe appears to have used a single encryption key to scramble all of the leaked user credentials. If so, anyone able to hack Adobe's decryption key will gain immediate access to every password in the database.

For more, see Adobe's Hacked Passwords: They Are Terrible, as well as Get Organized: How I Cleaned Up My Passwords in 5 Weeks.

Editor's Note: This story was updated Wednesday with comment from Adobe.

Further Reading

Productivity Reviews