Hackers are at it again, with the latest target being Adobe. The company announced the security breach yesterday. The attackers gained access to customer data and source code.
Adobe says their investigation suggests that the attackers were able to access Customer ID’s and encrypted password, and 2.9 million customers’ information was removed from their systems. The information included the Customer Names, their encrypted Credit or Debit card numbers and their expiration dates, and other information related to customer’s orders. At present the company believes that the intruders did not remove the decrypted Credit or Debit card numbers from their systems.
They said that not only the internal staff, but external partners and law enforcement agencies too are working on resolving the incident at the moment.
They are notifying the affected customers to change the passwords for their Adobe ID accounts. Another letter is being sent to customers whose Credit and Debit card numbers were compromised along with precautionary steps to protect their cards against any potential misuse. Not only that, they have also contacted the banks processing the customer payments for them, who will be working with the card companies and card issuing banks.
Besides the Customer data breach, Adobe is also dealing with the investigation of illegal access of source code for Acrobat, ColdFusion, ColdFusion Builder and other products. The company claims they are not aware of any Zero day exploit so far for any of the Adobe products but recommends using only supported version of the software and apply all available security updates. Adobe has said that they will be releasing important security update on next Tuesday for Adobe Acrobat and Adobe Reader.
The issue was first discovered by security blogger and former Washington Post reporter Brian Krebs of KrebsOnSecurity, with fellow researcher Alex Holden about one week ago. They found 40 GB source code trove stashed on a server used by the same attacker believed to have hacked into LexisNexis, Dun & Bradstreet and Kroll. They shared the screenshots of the same with Adobe to which the cmpany later confirmed. Brad Arkin, Adobe’s Chief Security Officer also thanked them in the company’s official blog post saying, “Adobe thanks Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer, Hold Security LLC. holdsecurity.com for their help in our response to this incident.”.
Adobe is Multinational Company based in California. It was founded in 1982 by John Warnock and Charles Geschke.