Adobe has quietly removed a private encryption key used to secure its communications, after it was posted on the company's security blog.
Security researcher Juho Nurminen discovered over the weekend that a member of Adobe's Product Security Incident Team (PSIRT) had published the private Pretty Good Privacy (PGP) digital key instead of just the public one.
Attackers with access to Adobe's private encryption keys can not only read scrambled PGP communications, they are also able to impersonate the company when sending encrypted messages.
While releasing a private key could have had disastrous consequences for Adobe, Nurminen pointed out that the credential published was only four days old, and hadn't been commonly used.
The key has since been revoked from PGP servers around the world, and can no longer be used.
Adobe has yet to comment on the error.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
