Adobe breached, customer info and source code compromised

Hackers have breached Adobe’s network and have made off with personal, account, and encrypted financial information of nearly 3 million Adobe customers, as well as the source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products.

Brad Arkin, Adobe’s Chief Security Officer says that the two attacks may be related. The investigation is ongoing, and as far as they can tell, the hacker’s accessing those product’s source code has not brought on specific increased risk to customers.

“We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide,” he noted in a blog post.

An indication that the code was accessed and stolen came a week ago, when journalist Brian Krebs along with researcher Alex Holden uncovered a “massive 40 GB source code trove” on a server used by the attackers that are thought to be behind the breaches of several big US data brokers discovered late last month.

They, of course, notified Adobe, and the company confirmed that they have been investigating a breach of their networks since September 17, 2013. As far as they know, the source code was accessed and exfiltrated around the middle of August, after the hackers accessed a part of their network that deals with customers’ credit card transactions.

Arkin has pointed out that they have rigorously reviewed the ColdFusion code that has been shipped since the breach, and says they are confident it hasn’t been changed in any way.

“We’re still at the brainstorming phase to come up with ways to provide higher level of assurance for the integrity of our products, and that’s going to be a key part of our response,” he added.

In the meantime, the customers whose information – names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders, customer IDs and encrypted passwords – has been compromised are getting notified of it and advised to change their passwords (and that on other online accounts if they used the same one), and to keep an eye on their bank accounts and take advantage of the one-year complimentary credit monitoring membership Adobe offered.

“We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts,” they said, but added that they do not believe the attackers removed decrypted credit or debit card numbers from their systems.

More information about the scope and consequences of the attacks is sure to follow, as the investigation is only at the beginning.

Click here for comments on this breach that Help Net Security received from a variety of security professionals.

Don't miss