Jump to content

adobe compromised news on FT


Recommended Posts

Adobe says some 2.9m customer accounts have been compromised and part of the source code that underlies its products stolen. The theft of source code could make it possible for hackers to break into the systems of individuals and companies that use Adobe’s software, raising the spectre of new attacks, according to experts copyright FT.com

 

 

 

I personally never used Cloud systems.

Link to comment
Share on other sites

I got an email from them and have been instructed to change my password. I am not in the cloud with them and wonder what all this means for that. I'm not knowledgeable enough to understand the repercussions.

 

Paulette

Link to comment
Share on other sites

This site https://krebsonsecurity.com/ has more on this story - no registration required.  There is much more to this story, and Adobe is just one of a number of high profile outfits that fell victim to this particular episode of hacking.  My instinct is that we are still at the very early stages of this story, and I would be very surprised if Adobe is the last victim of this episode.

 

In my opinion this story underscores the serious security issues with SaaS - Software as a Service, also known as "the cloud".  The part I find most incredible is that any company would allow their development environment to be physically connected to the internet, especially these days when security is in the news almost all the time.  I guess that Adobe's IP lawyers went ballistic - Krebs alerted Adobe because they found the source code for some of Adobe's products on a machine controlled by the hackers.  For those who don't follow the subtleties of the computer world, "source code" is the human-readable form that cannot be executed directly by a computer.  In order to run an application you need the "executable code", which is mechanically translated from the "source code".  If you really want a software company's secrets, you "acquire" their source code.

 

I doubt this breach of security is going to advance Adobe's campaign to persuade users to adopt the cloud.  In the US there is a form of legally protected free speech called "puffery" (Google is your friend); we're going to hear a lot of it.

 

Regards

Lionel

Link to comment
Share on other sites

I received the message as well.  I do not use Creative Cloud...it's a bad concept/idea from a customer's standpoint....

 

 

Important Customer Security Alert

To view this message in a language other than English, please click here.

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.

 

Adobe Customer Care

Link to comment
Share on other sites

I don't use the cloud and purchased my software at Staples, so they don't have my credit card info. I now use a prepaid credit card for all online purchases. Never used to until someone I know had their credit info taken from the web. Figure its a lot easier as I purchase a lot of my supplies for my real business online, some from China. Costs a little more to maintain, but gives me that piece of mind that if anyone should steal the info, they aren't gonna get much.

 

Jill

Link to comment
Share on other sites

I just got LR5 from them and haven't received the e-mail - even more worrying?

Me neither. It looks like the email is going to US customers. I wouldn't worry - just go and change your password if you haven't already done so. I'm not a cloud customer either but I've purchased PS upgrades now for several years and had to create an Adobe ID to do that. The only thing that would be obtainable on my Adobe account would be serial numbers - assuming that they don't retain card numbers from one-off purchases which they shouldn't do.

Link to comment
Share on other sites

Adobe has full (as full as they are aware) information on their webpage http://helpx.adobe.com/uk/x-productkb/policy-pricing/customer-alert.html

 

If this link tells you the page is not available click on the 'Home' button and look for the box in Upgrades - Customer Security Alert

 

It is worth a little bit of a panic - they are writing letters to people who they think are affected but they might not arrive until after the week-end and this came to light probably on Thursday - so five days minimum before some people will get to know that their credit card details are included in the data taken.

Link to comment
Share on other sites

Pretty much every company has an Internet connected internal network with the development environment on that internal network.

 

You know, I'm sure you're correct, but isn't that the issue?  To my mind the question is not what current practice is, but what it should be, especially given the all the publicity surrounding security threats and the exploits that turn threat into breach.  There's lot's of publicly available information about security threats and exploits.  Adobe is constantly alerted to vulnerabilities in the software they deliver to users (especially Flash and Acrobat); to be fair it does seem Adobe is trying to change the way they develop products, so it's very hard to imagine they could be unaware of the threat to themselves.

 

Regards

Lionel

Link to comment
Share on other sites

 

I just got LR5 from them and haven't received the e-mail - even more worrying?

Me neither. It looks like the email is going to US customers. I wouldn't worry - just go and change your password if you haven't already done so. I'm not a cloud customer either but I've purchased PS upgrades now for several years and had to create an Adobe ID to do that. The only thing that would be obtainable on my Adobe account would be serial numbers - assuming that they don't retain card numbers from one-off purchases which they shouldn't do.

we'll, I've received it this side of the pond, so looks like it's for all. off to check further now.

ann

Link to comment
Share on other sites

 

 

I just got LR5 from them and haven't received the e-mail - even more worrying?

Me neither. It looks like the email is going to US customers. I wouldn't worry - just go and change your password if you haven't already done so. I'm not a cloud customer either but I've purchased PS upgrades now for several years and had to create an Adobe ID to do that. The only thing that would be obtainable on my Adobe account would be serial numbers - assuming that they don't retain card numbers from one-off purchases which they shouldn't do.

we'll, I've received it this side of the pond, so looks like it's for all. off to check further now.

ann

Yeah - I based that assumption on insufficient data. I didn't get the email or letter so hopefully my account was not compromised. I changed my password anyway.

Link to comment
Share on other sites

Changed my pw, too.  They suggest changing same/similar pw used on other sites, too, so am about to get  moving on this.

 

My Twitter account (barely used) was compromised yesterday and I had to change the pw.  I didn't think much of this, as I'm usually very careful in all I do.  Now I'm beginning to wonder if there's a connection?

Link to comment
Share on other sites

  • 4 weeks later...

New developments in this story have been reported on Ars Technica today at http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ - and it's not good.  If Adobe has a credit card number from you, or any other sensitive information, it's past time to go change some things.

 

I've not yet seen any information about the likely impact on users of Adobe's Cloud, but prudence suggests it's time for new passwords.

 

I've posted this link https://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/#more-23030 before, but it's got a lot of useful information and it comes from a source I consider reliable.

 

Lionel

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.