Adobe hacked, millions of customers’ data compromised



Published time: October 04, 2013 19:27


A security breach targeting the source code used by software giant Adobe has compromised the information of nearly three million customers, the company confirmed this week.

Brad Arkin, Adobe’s chief security officer, announced in a blog
post Thursday that a sophisticated cyber attack on the company’s
network caused the source code for numerous programs to be
illegally accessed by hackers, as well as the personal
information of millions of Adobe users.

Founded in 1982, the Silicon Valley company is known for an array
of products, including the Photoshop editing software and the
PDF, SWF and FLV file formats.

According to Arkin, Adobe believes the attackers pilfered
customer names, encrypted credit and debit card numbers,
expiration dates, and other information related to customer
orders pertaining to roughly 2.9 million Adobe clients.

Arkin said the company does not believe the attackers accessed
decrypted information, but stopped short of confirming that
plain-text data wasn’t compromised.

“We’re working diligently internally, as well as with external
partners and law enforcement, to address the incident,” he
said.

He also stated that the theft of customer data and the source
code for numerous Adobe products was likely related.

Brian Krebs, a well-respected security researcher and former
Washington Post reporter, acknowledged that he stumbled upon a 40
GB trove of Adobe source code around one week ago on the same
server thought to be used by the hackers behind other recent
major compromises. Krebs said that the source code pertained to
Adobe’s ColdFusion and Acrobat software, which would suggest that
hackers have obtained the blueprints for some of the company’s
most widely used products.

Hold Security, a firm that worked in conjunction with Krebs, said
that “This breach poses a serious concern to countless
businesses and individuals.”

If hackers have been able to access Adobe source code, they could
theoretically be able to analyze that information and engineer
malware that exploits vulnerabilities and compromises the
security of several million users, experts fear.

“Effectively, this breach may have opened a gateway for new
generation of viruses, malware, and exploits,” Hold Security
said in a statement.

“We are not aware of any zero-day exploits targeting any Adobe
products,” the software makers responded. “However, as
always, we recommend customers run only supported versions of the
software, apply all available security updates, and follow the
advice in the Acrobat Enterprise Toolkit and the ColdFusion
Lockdown Guide.”

Speaking to Krebs, Adobe’s Arkin said “We are in the early
days of what we expect will be an extremely long and thorough
response to this incident.”

“We’re still at the brainstorming phase to come up with ways
to provide higher level of assurance for the integrity of our
products, and that’s going to be a key part of our response,”
he said. “We are looking at malware analysis and exploring the
different digital assets we have. Right now the investigation is
really into the trail of breadcrumbs of where the bad guys
touched.”

Following Adobe’s announcement on Thursday, shares in the company
fell 64 cents each but have since rebounded.

Copyright: RT