Adobe recently took a big hit; one of their servers was maliciously attacked. A major security breach is always a terrible thing to happen to a company, but this one hit Adobe hard. Almost 3 million users were effected and it seems that the hackers also gained access to the source code for three of Adobe’s products: ColdFusion, ColdFusion Builder, and Acrobat. This breach of security happened almost two months ago, and users are just finding out about the situation now.
Brian Krebs from Krebs on Security, found the break along with Alex Holden from Hold on Security. Krebs wrote the following on his blog “Adobe confirmed that the company believes that hackers accessed a source code repository sometimes in mid-August 2013, after breaking into a portion of Adobe’s network that handled credit card transactions for customers. Adobe believes the attackers stole credit card and other data on approximately 2.9 million customers, and that they bad guys also accessed an as-yet-undetermined number of user names and passwords that customers use to access various parts of the Adobe customer network. Adobe said the credit card numbers were encrypted and that the company does not believe decrypted credit card numbers left its network.”
After the breach was brought to their attention, Adobe responded to the hack on their blog, “Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”
Adobe is taking the appropriate measures by circling in law enforcement and the banks that handle and process the customer payments. They are notifying those customers affected with a prompt to change their password. For those whose credit/debit card information was believed to be involved, Adobe is offering users affected a one year complimentary credit monitoring membership. However, Adobe users still have a right to be upset about the fact that Adobe is withholding how exactly the credit card information was encrypted, which would help assess how time-sensitive and how intensely cardholders should take measures.
Adobe believes that the illegal access to the source codes of the products effected is not of any risk to customers. However, with a source code leak, it opens the doors to many security concerns that could happen unnoticed in the future.