Travelshots Posted October 4, 2013 Share Posted October 4, 2013 Adobe says some 2.9m customer accounts have been compromised and part of the source code that underlies its products stolen. The theft of source code could make it possible for hackers to break into the systems of individuals and companies that use Adobe’s software, raising the spectre of new attacks, according to experts copyright FT.com I personally never used Cloud systems. Link to comment Share on other sites More sharing options...
NYCat Posted October 4, 2013 Share Posted October 4, 2013 I got an email from them and have been instructed to change my password. I am not in the cloud with them and wonder what all this means for that. I'm not knowledgeable enough to understand the repercussions. Paulette Link to comment Share on other sites More sharing options...
Lionel Posted October 4, 2013 Share Posted October 4, 2013 This site https://krebsonsecurity.com/ has more on this story - no registration required. There is much more to this story, and Adobe is just one of a number of high profile outfits that fell victim to this particular episode of hacking. My instinct is that we are still at the very early stages of this story, and I would be very surprised if Adobe is the last victim of this episode. In my opinion this story underscores the serious security issues with SaaS - Software as a Service, also known as "the cloud". The part I find most incredible is that any company would allow their development environment to be physically connected to the internet, especially these days when security is in the news almost all the time. I guess that Adobe's IP lawyers went ballistic - Krebs alerted Adobe because they found the source code for some of Adobe's products on a machine controlled by the hackers. For those who don't follow the subtleties of the computer world, "source code" is the human-readable form that cannot be executed directly by a computer. In order to run an application you need the "executable code", which is mechanically translated from the "source code". If you really want a software company's secrets, you "acquire" their source code. I doubt this breach of security is going to advance Adobe's campaign to persuade users to adopt the cloud. In the US there is a form of legally protected free speech called "puffery" (Google is your friend); we're going to hear a lot of it. Regards Lionel Link to comment Share on other sites More sharing options...
woody Posted October 4, 2013 Share Posted October 4, 2013 Pretty much every company has an Internet connected internal network with the development environment on that internal network. Link to comment Share on other sites More sharing options...
Ed Endicott Posted October 4, 2013 Share Posted October 4, 2013 I received the message as well. I do not use Creative Cloud...it's a bad concept/idea from a customer's standpoint.... Important Customer Security Alert To view this message in a language other than English, please click here. We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems. To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information. We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter. We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here. Adobe Customer Care Link to comment Share on other sites More sharing options...
dov makabaw Posted October 4, 2013 Share Posted October 4, 2013 I also received it. Not sure how best to respond. If anyone experiences any reprocussions please report it on this Forum. dov Link to comment Share on other sites More sharing options...
Jill Morgan Posted October 4, 2013 Share Posted October 4, 2013 I don't use the cloud and purchased my software at Staples, so they don't have my credit card info. I now use a prepaid credit card for all online purchases. Never used to until someone I know had their credit info taken from the web. Figure its a lot easier as I purchase a lot of my supplies for my real business online, some from China. Costs a little more to maintain, but gives me that piece of mind that if anyone should steal the info, they aren't gonna get much. Jill Link to comment Share on other sites More sharing options...
losdemas Posted October 4, 2013 Share Posted October 4, 2013 I just got LR5 from them and haven't received the e-mail - even more worrying? Link to comment Share on other sites More sharing options...
MDM Posted October 4, 2013 Share Posted October 4, 2013 I just got LR5 from them and haven't received the e-mail - even more worrying? Me neither. It looks like the email is going to US customers. I wouldn't worry - just go and change your password if you haven't already done so. I'm not a cloud customer either but I've purchased PS upgrades now for several years and had to create an Adobe ID to do that. The only thing that would be obtainable on my Adobe account would be serial numbers - assuming that they don't retain card numbers from one-off purchases which they shouldn't do. Link to comment Share on other sites More sharing options...
DavidC Posted October 4, 2013 Share Posted October 4, 2013 Adobe has full (as full as they are aware) information on their webpage http://helpx.adobe.com/uk/x-productkb/policy-pricing/customer-alert.html If this link tells you the page is not available click on the 'Home' button and look for the box in Upgrades - Customer Security Alert It is worth a little bit of a panic - they are writing letters to people who they think are affected but they might not arrive until after the week-end and this came to light probably on Thursday - so five days minimum before some people will get to know that their credit card details are included in the data taken. Link to comment Share on other sites More sharing options...
Lionel Posted October 4, 2013 Share Posted October 4, 2013 Pretty much every company has an Internet connected internal network with the development environment on that internal network. You know, I'm sure you're correct, but isn't that the issue? To my mind the question is not what current practice is, but what it should be, especially given the all the publicity surrounding security threats and the exploits that turn threat into breach. There's lot's of publicly available information about security threats and exploits. Adobe is constantly alerted to vulnerabilities in the software they deliver to users (especially Flash and Acrobat); to be fair it does seem Adobe is trying to change the way they develop products, so it's very hard to imagine they could be unaware of the threat to themselves. Regards Lionel Link to comment Share on other sites More sharing options...
PatrioticAlien Posted October 4, 2013 Share Posted October 4, 2013 i got an email from adode this morning, saying my account has been compromised..... in this stone age, i expect this to happen more and more...... Link to comment Share on other sites More sharing options...
Paul Thompson Posted October 4, 2013 Share Posted October 4, 2013 I was not sure if the letter was legit as it was just, as above, dear customer not sent to me by name Can we assume the email is not part of the problem? Link to comment Share on other sites More sharing options...
PatrioticAlien Posted October 4, 2013 Share Posted October 4, 2013 if you go on adobe site, i looked why i was at university it also says on the site. here's the link from adobe uk, http://helpx.adobe.com/uk/x-productkb/policy-pricing/customer-alert.html Link to comment Share on other sites More sharing options...
ann m Posted October 4, 2013 Share Posted October 4, 2013 I just got LR5 from them and haven't received the e-mail - even more worrying?Me neither. It looks like the email is going to US customers. I wouldn't worry - just go and change your password if you haven't already done so. I'm not a cloud customer either but I've purchased PS upgrades now for several years and had to create an Adobe ID to do that. The only thing that would be obtainable on my Adobe account would be serial numbers - assuming that they don't retain card numbers from one-off purchases which they shouldn't do. we'll, I've received it this side of the pond, so looks like it's for all. off to check further now. ann Link to comment Share on other sites More sharing options...
MDM Posted October 4, 2013 Share Posted October 4, 2013 I just got LR5 from them and haven't received the e-mail - even more worrying?Me neither. It looks like the email is going to US customers. I wouldn't worry - just go and change your password if you haven't already done so. I'm not a cloud customer either but I've purchased PS upgrades now for several years and had to create an Adobe ID to do that. The only thing that would be obtainable on my Adobe account would be serial numbers - assuming that they don't retain card numbers from one-off purchases which they shouldn't do. we'll, I've received it this side of the pond, so looks like it's for all. off to check further now. ann Yeah - I based that assumption on insufficient data. I didn't get the email or letter so hopefully my account was not compromised. I changed my password anyway. Link to comment Share on other sites More sharing options...
losdemas Posted October 4, 2013 Share Posted October 4, 2013 Changed my pw, too. They suggest changing same/similar pw used on other sites, too, so am about to get moving on this. My Twitter account (barely used) was compromised yesterday and I had to change the pw. I didn't think much of this, as I'm usually very careful in all I do. Now I'm beginning to wonder if there's a connection? Link to comment Share on other sites More sharing options...
NYCat Posted October 4, 2013 Share Posted October 4, 2013 Now I'm worried about my "One-Click" ordering from Amazon. I'm going to take out my credit card info. I think it's the only site I have allowed to keep it. Paulette Link to comment Share on other sites More sharing options...
Sprocket Posted October 30, 2013 Share Posted October 30, 2013 An update has just appeared on the BBC News site, it seems the hackers got further than previously thought http://www.bbc.co.uk/news/technology-24740873 Link to comment Share on other sites More sharing options...
Lionel Posted November 1, 2013 Share Posted November 1, 2013 New developments in this story have been reported on Ars Technica today at http://arstechnica.com/security/2013/11/how-an-epic-blunder-by-adobe-could-strengthen-hand-of-password-crackers/ - and it's not good. If Adobe has a credit card number from you, or any other sensitive information, it's past time to go change some things. I've not yet seen any information about the likely impact on users of Adobe's Cloud, but prudence suggests it's time for new passwords. I've posted this link https://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/#more-23030 before, but it's got a lot of useful information and it comes from a source I consider reliable. Lionel Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.