BreachExchange mailing list archives
Adobe Data Breach Exposes 3 Million Customer Credit Cards
From: Richard Forno <rforno () infowarrior org>
Date: Thu, 3 Oct 2013 18:41:16 -0400
Adobe Data Breach Exposes 3 Million Customer Credit Cards
By Paul Wagenseil
October 3, 2013 4:10 PM - Source: Tom's Guide US
http://www.tomsguide.com/us/adobe-data-breach,news-17642.html

Adobe Systems, maker of Photoshop, InDesign, Premiere and other professional creative software products, said today (Oct. 3) that the personal and financial data of nearly 3 million Adobe customers, as well as the source code for Adobe products, had been stolen in a massive data breach.

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," read an Adobe company blog post attributed to Chief Security Officer Brad Arkin.

"We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers," Arkin added, "including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."

Arkin said the company was resetting passwords on affected accounts, notifying customers whose credit- or debit-card information was exposed, notifying the financial institutions handling customer accounts and working with law enforcement.

"Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available," Arkin said.

Adobe set up a page with instructions for customers on how to reset their Adobe passwords.

Apart from what Adobe recommends, customers who have ever bought software directly from the Adobe website should immediately change their passwords for the Adobe account, as well as for any account that shares that password, and also closely monitor their financial records for the next several months.

In a separate blog posting dated yesterday (Sept. 2), Arkin said that "Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party."

"Based on our findings to date," Arkin said, "we are not aware of any specific increased risk to customers as a result of this incident."

Arkin thanked Brian Krebs, the independent security blogger who has been investigating professional identity thieves at his KrebsOnSecurity blog.

Krebs has revealed that a single gang used sophisticated malware to breach the networks of Dun & Bradstreet, LexisNexis and the National White Collar Crime Center, and then resold the information in underground criminal marketplaces.

Examining the gang's server contents (which were posted online by a rival group of hackers), Krebs and fellow researcher Alex Holden of Hold Security found source code for Adobe products in a 40-gigabyte trove of stolen software.

Krebs informed Adobe of the findings a week ago, and in return Adobe told Krebs the company had been conducting its own investigation since mid-September.

In June, Adobe began a multi-year process to shift its software distribution from the traditional model of boxed DVDs sold in stores to an open-ended subscription model, in which paying customers download software straight from the Adobe website. (The new subscriptions were almost immediately hacked and pirated.)

That's a noble effort to combat piracy and unauthorized re-use of Adobe products — millions of Americans have copies of Photoshop they didn't directly pay for — but it also means that Adobe aims to retain the credit-card information of almost all its customers. Judging by today's events, that might not be such a good idea.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com