Adobe hack hits 2.9m users as source code is stolen
By Nicole Kobie
Posted on 4 Oct 2013 at 09:12
Adobe has revealed that hackers have accessed its networks, stealing data on 2.9 million of its users and source code for software.
Adobe uncovered the "sophisticated" attack "very recently", saying it believed the theft of user data and source code were related.
"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," Brad Arkin, Adobe's chief security officer, said.
Adobe said the data accessed includes customer names as well as encrypted debit and credit card numbers. "At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems," Arkin added.
The attack also appears to have targeted the source code of several Adobe products. "Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorised third party," it said. "Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident."
In response, Adobe has notified affected users and reset their passwords, and also warned banks about the stolen card data. The company has already contacted police.
The attacks were uncovered by independent security researchers, including Brian Krebs and Alex Holden. The former noted on his blog that they found a "40GB source code trove stashed on a server used by the same cybercriminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll".
The attack against Adobe was uncovered on 17 September, and the company told Krebs that the hackers appeared to have had access to the network as far back as mid-August.
Adobe expressed its "regret" for the attack, and added: "cyber-attacks are one of the unfortunate realities of doing business today."
Is your business a social business? For helpful info and tips visit our hub.
Just goes to show
Software piracy is safer!
By Alfresco on 4 Oct 2013
Received an email from adobe about this problem they said that my password had been reset and to follow a link in the email to set a new one. However I could still login using my old password. Not exactly brimming with confidence about them addressing the problem
By kkenn on 4 Oct 2013
This is one of the reasons I will never subscribe to the Creative Cloud!
By sandman652001 on 4 Oct 2013
Source code stolen ?
Expect to see open source versions of Photoshop and other Adobe product's appearing online in the near future after adjustment of the code.
By Jaberwocky on 4 Oct 2013
You've obviously never done much coding!! Those products would contain thousands and thousands of lines of code, not easy to do "adjustment of the code" so that Adobe wouldn't be able to tell it was their code. No, a more likely scenario is that the theives will recompile the code and offer cheap closed source versions of the above products. Of course, the naive tw*ts who would be tempted to buy won't have any idea that the thieves will have also included some nasty malware.
By rjp2000 on 4 Oct 2013
So Adobe haven't actually apologised?
I have no confidence in that company anymore.
I pity the fools who stole the code because what they've got is bloated and slow.
By Grunthos on 8 Oct 2013
Demonstrating the direct opposite to the lies we are sold about security of cloud computing.
Epic failure on Adobe's part.
By Gindylow on 26 Oct 2013
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- Apple Watch, iPhone 6 and 6 Plus: Tim Cook's Apple back with a bang?
- BT Home Hub 5: how to get maximum speed
- 20 years of PC Pro: one-star reviews (including "the worst tablet we've ever seen")
- 20 years of PC Pro: our best covers
- Why we've closed the PC Pro forums
- How to write your company's IT security policy
- The key to choosing a secure password
- Please stop reposting fake Facebook messages
- Is Facebook safe for business?
- Don't rely on Chrome's password vault
- Facebook Graph Search: don't panic
- Gmail drafts and Pastebin: could they evade the email snoops?
- Applying for a job at GCHQ? Here's your plain-text password
- Google two-step verification: a must for business email
- Yes, I write down my passwords