3

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems." These are the words of Brad Arkin, Chief Security Officer at Adobe, as he reveals that one of the biggest names in the software business has fallen victim to what can only be described as a massive security breach: passwords and credit card data for nearly three million customers, source code for Adobe products - folks, this looks like it was Xmas come early for the hackers.

Adobe has now confirmed that Adobe Acrobat, ColdFusion and ColdFusion Builder were amongst those hit, and 'other products' were also involved although it has yet to state which for some reason. This in itself is very big news, and very unusual as far as security breaches go. We are far more used to hearing of login and password databases being compromised, credit card data stolen etc. Things with an obvious and quick route to turning a profit for the cyber criminals. However, stealing the source code for such high profile and widely-used software is something else. Now, it could be that the hackers just stumbled across the code during a successful breach of security systems and 'got lucky' in finding it when customer data was the real target. Or the reverse could be true and it could be that the hackers were after the source code primarily and just grabbed whatever collateral was lying around and accessible while they were at it. Whatever the case, and we will probably never know, the fact of the matter is that with access to the full source like this, skilled and malicious cyber criminals will be able to examine the code for vulnerabilities in a way that they wouldn't be able to otherwise. Given the relatively poor track record that Adobe has when it comes to vulnerabilities, I wouldn't be at all surprised if some new zero-day exploits emerge in the coming weeks and months.

Brad Arkin has stated that relevant customer passwords are being reset, and those impacted will get an email notification forthwith. "We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident," Arkin continues. "If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you." Adobe is also offering customers whose credit or debit card information has been accessed the option of enrolling in a one-year complimentary credit monitoring membership where available. The company has also notified the banks processing customer payments for Adobe and, of course, federal law enforcement.


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

3

Eww, that with the notification email could also turn out to be a windfall for the hackers. What's to stop them from sending a phishing attack (although that is not really necessary, but could also give them the "new" password) or trojan email using that as the bait?

0

Fortunately, I have not been hacked yet. I somehow suspected this to happen to Adobe. It seemed kind of obvious.

0

I just hope Adobe Reader and the Flash Player weren't among those unnamed "other products". Those two are extremely widely used, and have enough security problems as it is. If hackers get hold of the actual source code for them, it would be a major security threat for most Windows and Mac users out there. (Users of other platforms would, for once, benefit from being left out in the cold...)

-4

I don't think it would be hacked. Because Adobe is very highly secured. Maybe possible by someone who has the code of Adobe.

1

I don't think it would be hacked. Because Adobe is very highly secured.

A ha ha ha ha ha ha ha ha ha.
Ha ha ha ha ha ha ha ha ha ha ha ha.
Ha ha ha ha ha.
ROFL
Bonk...

0

Every site is not secured, mate, and happygeek's serious. Anyway, back to talking: I've noticed that the number 1 magazine company PC & TA here in Australia was hacked, and I can't even install half of their crap because it's being infected by a no-good hippies hacking group who sit there all day playing around with us. Not funny!

0

Actually, another thing: that fake Adobe might install by itself, and I think happygeek's on the money here.

0

This is an interesting update about Adobe and ColdFusion.

Well it was a year ago. You guys should keep up. Replying to a dead thread (9 months+) ... oh I can't be bothered, it was so long ago...
