ROCHELLE STOVALL

ROCHELLE STOVALL

Friday, 4 October 2013

Adobe cyber attacks expose 2.9m customers' details

An investigation by Adobe’s security team indicates that the attackers accessed Adobe customer IDs and encrypted passwords on the company's systems.
The attackers are though to have extracted information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.
Adobe said it does not believe the attackers got their hands on decrypted credit or debit card numbers. However, the company is in the process of notifying customers whose credit or debit card information is believed to be involved in the incident, so that they can take appropriate steps to protect themselves against potential misuse of their information.
Customers whose credit or debit card information was involved will be also offered the option of enrolling in a one-year complimentary credit monitoring membership where available.
Adobe is resetting relevant customer passwords and recommending that customers change their passwords on any websites where they may have used the same user ID and password. The banks processing customer payments for Adobe have also been notified of the incident, as has federal law enforcement.

"Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers," said Adobe chief security officer Brad Arkin, in a blog post.
"We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident."
Adobe products affected by the source code theft include Adobe Acrobat, ColdFusion, and ColdFusion Builder. Security expert Graham Cluley highlighted fears that malicious hackers could examine the source code and attempt to find flaws and vulnerabilities that they might attempt to exploit.
"It should go without saying that no software company ever wants to have criminals steal its source code – it is, after all, the technology equivalent of losing the Crown Jewels," said Cluley.
Meanwhile, security researcher Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer at Hold Security LLC has reported that 40GB worth of Adobe source code was found on a server used by cybercriminals a week ago.
The server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat.
 

0 comments:

Post a Comment