Adobe security team fumble sees private PGP key published

By on
Adobe security team fumble sees private PGP key published

Key revoked soon after blogging blunder.

Adobe has quietly removed a private encryption key used to secure its communications, after it was posted on the company's security blog.

Security researcher Juho Nurminen discovered over the weekend that a member of Adobe's Product Security Incident Team (PSIRT) had published the private Pretty Good Privacy (PGP) digital key instead of just the public one.

Attackers with access to Adobe's private encryption keys can not only read scrambled PGP communications, they are also able to impersonate the company when sending encrypted messages.

While releasing a private key could have had disastrous consequences for Adobe, Nurminen pointed out that the credential published was only four days old, and hadn't been commonly used.

The key has since been revoked from PGP servers around the world, and can no longer be used.

Adobe has yet to comment on the error.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?