An investigation by Adobe’s security team indicates that the attackers
accessed Adobe customer IDs and encrypted passwords on the company's
systems.
The attackers are though to have extracted information relating to 2.9 million
Adobe customers, including customer names, encrypted credit or debit card
numbers, expiration dates, and other information relating to customer
orders.
Adobe said it does not believe the attackers got their hands on decrypted
credit or debit card numbers. However, the company is in the process of
notifying customers whose credit or debit card information is believed to be
involved in the incident, so that they can take appropriate steps to protect
themselves against potential misuse of their information.
Customers whose credit or debit card information was involved will be also
offered the option of enrolling in a one-year complimentary credit
monitoring membership where available.
Adobe is resetting relevant customer passwords and recommending that customers
change their passwords on any websites where they may have used the same
user ID and password. The banks processing customer payments for Adobe have
also been notified of the incident, as has federal law enforcement.
"Cyber attacks are one of the unfortunate realities of doing business
today. Given the profile and widespread use of many of our products, Adobe
has attracted increasing attention from cyber attackers," said Adobe
chief security officer Brad Arkin, in a blog
post.
"We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident."
Adobe products affected by the source code theft include Adobe Acrobat, ColdFusion, and ColdFusion Builder. Security expert Graham Cluley highlighted fears that malicious hackers could examine the source code and attempt to find flaws and vulnerabilities that they might attempt to exploit.
"It should go without saying that no software company ever wants to have criminals steal its source code – it is, after all, the technology equivalent of losing the Crown Jewels," said Cluley.
Meanwhile, security researcher Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer at Hold Security LLC has reported that 40GB worth of Adobe source code was found on a server used by cybercriminals a week ago.
The server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat.
"We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident."
Adobe products affected by the source code theft include Adobe Acrobat, ColdFusion, and ColdFusion Builder. Security expert Graham Cluley highlighted fears that malicious hackers could examine the source code and attempt to find flaws and vulnerabilities that they might attempt to exploit.
"It should go without saying that no software company ever wants to have criminals steal its source code – it is, after all, the technology equivalent of losing the Crown Jewels," said Cluley.
Meanwhile, security researcher Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer at Hold Security LLC has reported that 40GB worth of Adobe source code was found on a server used by cybercriminals a week ago.
The server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat.
0 comments:
Post a Comment