Adobe hacked: Data on nearly 3 million compromised

Adobe has confirmed that cyber attackers got the best them, with an exploit leading to data on nearly 3 million customers being compromised.

Besides 2.9 million Adobe IDs and passwords being stolen, full customer names, encrypted credit/debit card numbers, and expiration dates were also compromised for many of the customers.

Additionally, "source code for numerous Adobe products" was also stolen in the attacks.

Reads the company's release:

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We're working diligently internally, as well as with external partners and law enforcement, to address the incident. We're taking the following steps:

-As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.

-We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.

-We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers' accounts.

-We have contacted federal law enforcement and are assisting in their investigation.

Written by: Andre Yoskowitz @ 4 Oct 2013 9:54

Mysttic

Honestly the best security now would be to let your credit card company know to get a new card. Your old data is now rendered useless as there is no telling when the encryption will be broken and it could take past a year before anyone does anything with this information. It's a pain in the ass sure, but it's the best option out there.

4.10.2013 10:10 #1

Qliphah

Yeah, the 1 year of credit protection is a joke, just a way to cover their asses if somebody wants to sue them for breach of contract.

Id like to know if this was an internal security breach or an external attack on their servers. By the sounds of the source code being stolen and the sheer number of users compromised I would have to say the former is more likely. Surely they would have a way to monitor if 3 million accounts had been accessed from an outside source, and sourcecode should never be in a place accessible outside the company...

4.10.2013 11:53 #2

Mysttic

Quote:Id like to know if this was an internal security breach or an external attack on their servers. By the sounds of the source code being stolen and the sheer number of users compromised I would have to say the former is more likely. Surely they would have a way to monitor if 3 million accounts had been accessed from an outside source, and sourcecode should never be in a place accessible outside the company... The exact same thing Sony had to explain back in 2011. Should be interesting to see where it goes now, but the more companies get hacked, the less accountable they appear to have to be.

4.10.2013 12:46 #3

Qliphah

So according to consumerist adobe has no idea how or where the breach occurred, it was dumb luck that a computer forensic investigator happened to find the 40Gb of source code on a hacking teams server. Apparently the breach occurred some time in the past year before August to which Adobe started investigating in mid-September.

"As for concerns that the exposed source code might open up existing Adobe products to security concerns, the Adobe exec says, �We are looking at malware analysis and exploring the different digital assets we have. Right now the investigation is really into the trail of breadcrumbs of where the bad guys touched.�"

They have no idea what they are doing.....

http://krebsonsecurity.com/2013/10/adob...er-data-breach/
http://consumerist.com/2013/10/04/adobe...back-in-august/

4.10.2013 13:10 #4

xtago

@Qliphah

You'll find the source code is probably from a beta tester or alpha tester and been given access to server that had that data on them.

Could be a programmer but they'd get their ass kicked if they did.

Most of the time it's insiders that hand the info out not people hacking to get in.

4.10.2013 21:36 #5

SomeBozo

I hate to say it, but i expected to see this and glad to see it happened to them, and another reason i don't like ad0be. Why? I use to work at M$ and during our security push, we found numerous security bugs in flash and other ad0be products, gave them a list of components and vulnerabilities that were pretty serious security wholes. Ad0be's response at least to the ones i knew about was "We don't need to worry about these security wholes and will not fix them, besides most users shouldn't be affected by them..."

Just wonder if they will continue to have the same careless attitude towards security now?

4.10.2013 22:02 #6

megadunderhead

i was expecting this!!!

More illegal keys about to hit the internet...

remember the adobe id's store your software key so they knew exactly what they wanted this is why i dont do adobe

6.10.2013 09:24 #7

Mrguss

Most of the techies & hackers hate Adobe - Flash anyway. Just saying.

+5000

7.10.2013 16:19 #8

AfterDawn: News