Adobe Says Almost 3 Million Accounts Compromised in Illegal Access to Source Code
posted Saturday Oct 5, 2013 by Nicholas DiMeo
We could go on and on and on about websites and companies getting hacked, compromising millions of customers' data, seemingly ever three months or so. One of the more notable cases was in 2011, when Sony's PlayStation Network was hacked, taking the service down for a very long time and causing stress and identify theft to customers everywhere. This week is no exception, as Adobe is in the news for a breach that's put 3 million accounts at risk.
At first, an Adobe blog post explained some of what happened, which involves illegal access to source code for various Adobe products.
Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.
Adobe thanks Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer, Hold Security LLC. holdsecurity.com for their help in our response to this incident.
We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.
At the time of the post, it seemed like everything could have been contained. However a blog post a few days later revealed that customer data was indeed compromised, but Adobe believes that decrypted credit card numbers were not removed from its systems, but encrypted numbers have been put at risk. Chief Security Officer Brad Arkin explains,
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders... We're working diligently internally, as well as with external partners and law enforcement, to address the incident.
So, now that almost 3 million customers have had some sort of data compromised, Adobe is taking action. Any "relevant" customer password have been reset to stop unauthorized access to their Adobe ID accounts. An email should be in any affected customers' inboxes with instructions on how to reset the password. For those customers who may have had their credit card numbers put at risk, Adobe will be in contact with those people and will be offering one-year of credit monitoring services for free. Adobe has also let any banks know about the breach and are working with card-issuing banks to protect customers' accounts. Anyone with concerns should visit Adobe's customer support page, where agents can be of assistance.
This serves as an unfortunate reminder that no account is safe anywhere, and two use two-step verification systems, online-only debit cards with limits and other security measures whenever possible. Do constant security breaches like this deter you from putting your information online and trusting said information with any company? Why or why not? We want your thoughts in the comments section below.
