Adobe’s product security incident response team (PSIRT) accidentally published a private PGP key on its blog. The compromised key was quickly revoked and a new key was generated after the incident came to light.
Adobe PSIRT updated its PGP key on Friday and published the new public key, which should have been valid until September 2018, on its blog. However, Finland-based security researcher Juho Nurminen noticed that scrolling down in the blog post also revealed the private PGP key, which Adobe, obviously, should have kept private.
