[news] Adobe hacked, source code and customer data stolen


K

kandinsky

Moderator
Staff member
Apr 26, 2008
3,013
24
38
Important Customer Security Announcement

POSTED BY BRAD ARKIN, CHIEF SECURITY OFFICER ON OCTOBER 3, 2013 8:08 AM INEXECUTIVE PERSPECTIVES

Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers. Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident. We’re taking the following steps:

  • As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
  • We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
  • We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
  • We have contacted federal law enforcement and are assisting in their investigation.

We are also investigating the illegal access to source code of numerous Adobe products. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident. For more information, please see the blog posthere.

We value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you. If you would like additional information, please refer to Adobe’s Customer Support page.

Brad Arkin
Chief Security Officer

http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
Click to expand...

Yikes. Any CSers affected?

http://www.smh.com.au/it-pro/securi...a-source-code-compromised-20131004-hv1wl.html
http://arstechnica.com/security/201...stomer-data-stolen-in-sustained-network-hack/
http://www.pcmag.com/article2/0,2817,2425215,00.asp
 

that's why me, the smart one, still stuck to the packaged photoshop cs5, rather than sign on their creative cloud nonsense.
 

i am still not on the cloud.. :bsmilie:
 

Where do they talk about clouds? Lightroom is a stand-alone product and will remain so according their road map.
 

May be am being paranoid but still prefer things physical instead of this cloud thingy.
 

Octarine said:
Where do they talk about clouds? Lightroom is a stand-alone product and will remain so according their road map.
Click to expand...

Lightroom is also available on Creative Cloud actually...
 

I doubt the authenticity of this.

For one, using a blog to make important announcements???

Is it on their web home page??

Why no direct mail to their customers??
 

qystan said:
I doubt the authenticity of this.

For one, using a blog to make important announcements???

Is it on their web home page??

Why no direct mail to their customers??
Click to expand...

Well, while I applaud your skepticism (I'm a pretty skeptical person myself), but the signs seem to be pointing more to 'real' than 'fake', for now at least. It clearly is an adobe-hosted corporate blog. They have a link to the corporate blogs on their home page: http://www.adobe.com/news-room.html

8eG6lEx.png


Look under the [Executive Posts] tab.

XyvV9lK.png


Besides, if it were untrue, there would have been a speedy response from Adobe to refute the allegations as this does have an impact on customer trust, ever more relevant with their new push to subscriptions.

If you read the post, it stated that they contacted only those with affected accounts.

If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.

We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you.
Click to expand...
 

Last edited:
I received an email to reset my password this afternoon, so I guess some of us are affected. :-(
 

I had also received an email from adobe today. But to play safe I go directly to there webpage and reset my password from there (didn't click on link from email).
Click sign-in, then click "trouble signing in" to reset password.
On there page under news room there a message on the hack thing. Also a step on how to reset password.

I not on creative cloud, just standalone Lightroom user. But think to play safe, they will advise registered user to reset password.
In email also advise to reset any other accounts that using same user & password.
 

Last edited:
You must log in or register to reply here.

Similar threads

RSSNewsFeeder
LR Tips Getting to Know Lightroom Web
Replies
0
Views
472
News from the Net
RSSNewsFeeder
RSSNewsFeeder
RSSNewsFeeder
LR Tips A Perfect Last-Minute Gift Idea (and Five Lightroom Courses You Can Watch This Week)
Replies
0
Views
300
News from the Net
RSSNewsFeeder
RSSNewsFeeder
RSSNewsFeeder
PetaPixel Hackers Breached Samsung Security and Stole Galaxy Source Code
Replies
0
Views
126
News from the Net
RSSNewsFeeder
RSSNewsFeeder
RSSNewsFeeder
PetaPixel Camera Makers Have Ignored Security, Putting Photographers at Risk
Replies
0
Views
317
News from the Net
RSSNewsFeeder
RSSNewsFeeder
RSSNewsFeeder
PetaPixel San Francisco Chronicle Photographer Robbed at Gunpoint in Oakland
Replies
0
Views
227
News from the Net
RSSNewsFeeder
RSSNewsFeeder
Top Bottom
Back