Adobe attackers steal private ID
Published 04/10/2013 | 16:11
Adobe has confirmed that private information relating to 2.9 million customers has been stolen in a "sophisticated" attack on its website.
The attackers of Adobe, the maker of Photoshop, accessed customer IDs and encrypted passwords, the company said in a statement on its website.
It added: "We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.
"At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems."
Brad Arkin, c hief security officer at Adobe, said the company "deeply regret" that this incident occurred.
The statement also said: "We are also investigating the illegal access to source code of numerous Adobe products.
"Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident."
The company said it is resetting relevant customer passwords to help prevent unauthorised access to Adobe ID accounts.
Customers whose user ID and password were involved will receive an email notification with information on how to change their password.
The company also recommend that people change their passwords on any website where they may have used the same user ID and password.
The statement on Adobe's website also said: "Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers.
"Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related."
Chris Petersen, chief technology officer and co-founder of security specialist LogRhythm, said the incident was a "chilling reminder" to all software companies.
He said: "When it comes to the source code breach, the first risk Adobe is concerned with is that malicious code was inserted into product source code and then distributed to customers in a compiled form.
"The second risk is their source code being out in the open to would be attackers. Having access to product source code can allow attackers to identify software vulnerabilities that have been undiscovered to-date.
"Both risks could result in a treasure trove of zero-day exploits against Adobe software. If indeed the source code stolen pertains to ColdFusion and Acrobat, this could leave thousands of web servers open to at-will compromise and make it easier to compromise end-user systems.
"This breach is a chilling reminder that all software companies should be on guard, as they too could be a stepping stone to other targets."