October 4, 2013
Data Breach Leaves Numerous Adobe Customers In The Dark
Michael Harper for redOrbit.com - Your Universe Online
Adobe has admitted to a data breach that could leave 2.9 million users vulnerable to future attacks.
Adobe customers had their names, passwords and encrypted credit and debit card information accessed in the attack on the company’s servers. The hackers were also able to access the source code for many of Adobe’s products.
In a blog post, Adobe’s chief security officer Brad Arkin called the attacks sophisticated and said the company believes the attacks were related. Law enforcement officials are now working with Adobe to find the hackers behind these attacks and the company will begin notifying those customers who had their credit card information stolen from the servers. Arkin also suggests all Adobe ID customers change their passwords to their accounts, especially if this password is used for other websites.
“We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident,” wrote Arkin. “We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future.”
Adobe is now in the process of reaching out to those customers who had their information leaked as a result of this large data breach. Those who had their accounts compromised will receive an email from Adobe asking them to reset their password. Adobe is also investigating which customers had their payment information leaked as well. Arkin said the attackers weren’t able to access any decrypted bank information, but encrypted card numbers, expiration dates and passwords were accessed in this attack. These Adobe ID customers will receive a notification letter from Adobe and the option to enroll in a credit monitoring service free for one year. Adobe is also reaching out to the customers’ banks to protect these accounts.
Security researchers Brian Krebs and Alex Holden noticed the source code leak last week when they found 40 GB of code stored on the same server used by the cyber criminals behind last month’s data leak from three of the largest American data providers.
The company later confirmed the source code belonged to its Adobe Acrobat, ColdFusion, and ColdFusion Builder software, amongst others. Adobe says hackers haven’t yet used the source code to find and execute any zero-day exploits on its customers, but also suggested updating to the latest versions and applying all available security updates.
“We’re still at the brainstorming phase to come up with ways to provide higher level of assurance for the integrity of our products, and that’s going to be a key part of our response,” said Arkin in an interview with Brian Krebs.
“We are looking at malware analysis and exploring the different digital assets we have. Right now the investigation is really into the trail of breadcrumbs of where the bad guys touched,” he said.