Source code and 2.9 million accounts raided by attackers in Adobe breach

In a blog post on Thursday, Adobe said that during a security audit sometime around September 17, the company discovered that attackers had accessed Adobe customer IDs, as well as encrypted passwords. In addition to IDs and passwords, Adobe Chief Security Officer, Brad Arkin, said that the attackers also accessed customer names, encrypted credit and debit card numbers, expiration dates and "other information."

[Espionage campaign targeting Asian supply chains uncovered]

"At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. Were working diligently internally, as well as with external partners and law enforcement, to address the incident," Arkin wrote.

In all, Adobe says that the breach impacts some 2.9 million customers worldwide, and that they're in the process of sending out notifications to those who had credit or debit card details compromised. Further, Adobe has alerted the banks processing customer payments, in order for them to help protect accounts upstream.

"If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password," Arkin advised.

Making matters worse, Adobe also admitted that source code was breached during the incident, sparking fears that criminals who have accessed the information may have used it to develop new attacks. Adobe says they're not aware of any increased risk to customers because of this incident, and noted that they've not seen any Zero-Day exploits targeting their software. However, this doesn't mean that said Zero-Days don't exist now due to this breach, nor does it mean that unreported attacks aren't taking place.

The earliest known date of discovery is September 17, but Adobe hasn't said how long the attackers have had possession of the stolen source code, nor can they comment on how far it's spread online. Last week, reporter Brian Krebs, found 40 GB worth of Adobe's proprietary data on a server used by criminals, but by the time he found it, Adobe was already investigating its theft.

In an advisory to customers, Adobe confirmed that the source code theft impacted Adobe Acrobat, ColdFusion, ColdFusion Builder and "other Adobe products." As to what those other products are, Adobe didn't say.

[5 myths of encrypting and tokenizing sensitive data]

CSO reached out to Adobe in order to ascertain the type of encryption employed to protect credit card data. In addition, we asked for clarification to the point that attackers didn't remove "decrypted credit or debit card numbers from" Adobe systems. We're they saying such unprotected data exists? Furthermore, we asked for information on how the attackers got in. Specifically, was it via Phishing or was it vulnerabilities in a server or application?

Unfortunately, Adobe would only point to their blog post, and declined to answer any other questions. In a statement the company would only say the investigation was ongoing. CSO will share any new information as it becomes available. In the meantime, Adobe recommends that customers update to the latest supported software versions, and that they download the newest releases when they're made available on October 8.

Join the CSO newsletter!

Error: Please check your email address.

Tags Adobe Systemssecurity

More about Adobe SystemsCSO

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Steve Ragan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place