Adobe hacked, ColdFusion source code stolen

Updated happygeek 3 Tallied Votes 482 Views Share

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems." These are the words of Brad Arkin, Chief Security Officer at Adobe as he reveals that one of the biggest names in the software business has fallen victim to what can only be described as a massive security breach: passwords and credit card data for nearly three million customers, source code for Adobe products - folks this looks like it was Xmas come early for the hackers.

Adobe has now confirmed that Adobe Acrobat, ColdFusion and ColdFusion Builder were amongst those hit, and 'other products' were also involved although it has yet to state which for some reason. This in itself is very big news, and very unusual as far as security breaches go. We are far more used to hearing of login and password databases being compromised, credit card data stolen etc. Things with an obvious and quick route turning a profit for the cyber criminals. However, stealing the source code for such high profile and widely-used software is something else. Now, it could be that the hackers just stumbled across the code during a successful breach of security systems and 'got lucky' in finding it when customer data was the real target. Or the reverse could be true and it could be that the hackers were after the source code primarily and just grabbed whatever collateral was laying around and accessible while they were at it. Whatever the case, and we will probably never know, the fact of the matter is that with access to the full source like this, skilled and malicious cyber criminals will be able to examine the code for vulnerabilities in a way that they wouldn't be able to otherwise. Given the relatively poor track record that Adobe has when it comes to vulnerabilities, I wouldn't be at all surprised if some new zero-day exploits emerge in the coming weeks and months.

Brad Arkin has stated that relevant customer passwords are being reset, and those impacted will get an email notification forthwith. "We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident" Arkin continues "If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you." Adobe is also offering customers whose credit or debit card information has been accessed the option of enrolling in a one-year complimentary credit monitoring membership where available. The company has also notified the banks processing customer payments for Adobe and, of course, federal law enforcement.

masijade 1,351 Industrious Poster Team Colleague Featured Poster

Eww, that with the notification email could also turn out to be a windfall for the hackers. What's to stop them from sending a phishing attack (although that is not really necessary, but could also give them the "new" password) or trojan email using that as the bait?

<M/> 170 Why so serious? Featured Poster

Fortunately, i have not been hacked yet. I some how suspected this to happen to adobe. It seemed kind of obvious.

Atli 182 Posting Pro

I just hope Adobe Reader and the Flash Player weren't among those unnamed "other products". Those two are extremely widely used, and have enough security problems as it is. If hackers get hold of the actual source code for them, it would be a major security threat for most Windows and Mac users out there. (Users of other platforms would, for once, benefit from being left out in the cold...)

yessi_1 0 Newbie Poster

i dont think it would be hacked. Becuase adobe is a very high secured. May be p[ossible by someone who have code of adobe.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

i dont think it would be hacked. Becuase adobe is a very high secured.

A ha ha ha ha ha ha ha ha ha.
Ha ha ha ha ha ha ha ha ha ha ha ha.
Ha ha ha ha ha.
ROFL
Bonk...

RobertHDD 15 Posting Whiz in Training

Every site is not secured mate and happygeeks serious anyway back to talking Ive noticed that the number 1 magazine company PC & TA here in Australia was hacked and I cant even install half of their crap because its being infected by a no good hippies hacking group who sits their all day playing around with us. Not funny!

RobertHDD 15 Posting Whiz in Training

Actually another thing that fake adobe might install by itself and i think happygeeks on the money here

ewai1 0 Newbie Poster

This is interesting update about adobe and coldfusion

RobertHDD 15 Posting Whiz in Training

I also hate trojans

Member Avatar for diafol
diafol

This is interesting update about adobe and coldfusion

Well it was a year ago. You guys should keep up. Replying to a dead thread (9 months+) ... oh I can't be bothered, it was so long ago...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.