Attacks/Breaches
10/3/2013
07:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Adobe Hacked: Source Code, Customer Data Stolen

Adobe Acrobat, ColdFusion source code pilfered, information on nearly 3 million customers exposed

Adobe late today revealed it recently discovered it had suffered massive "sophisticated attacks" on its network that resulted in the theft of sensitive information including payment card information on 2.9 million customers, as well as of source code for multiple Adobe software products, including Adobe Acrobat, ColdFusion, ColdFusion Builder, and other Adobe software.

Brad Arkin, chief security officer of Adobe, said in a blog post that the attacks may be related.

"Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related," Arkin said.

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We're working diligently internally, as well as with external partners and law enforcement, to address the incident," Arkin said.

Meanwhile, Hold Security said in a statement today that the security firm, working with Brian Krebs of KrebsOnSecurity, had discovered the pilfered Adobe source code on servers of the hackers behind the recently revealed breaches of LexisNexis, Kroll, NW3C, and other sites. "Over 40 Gigabytes in encrypted archives have been discovered on a hackers' server that appear to contain source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe's data occurred in early August of this year but it is possible that the breach was ongoing earlier," Hold Security said in a post today.

Just how the source code was stolen and whether it was employed for malicious activity is unclear, according to Hold, but "unauthorized individuals" took and viewed the data.

The potential abuse of stolen Adobe source code could have serious and far-reaching consequences for users. "This breach poses a serious concern to countless businesses and individuals. Adobe products are installed on most end-user devices and used on many corporate and government servers around the world. While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits," Hold Security says.

Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the source code theft. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products," he says.

Adobe customers affected by the account breach will be contacted and advised to change his or her password; the company is also in the process of alerting customers whose credit- and debit-card information was stolen. The good news is that the financial information was encrypted.

The company says it is working with "federal law enforcement" to help in its investigation of the hacks.

According to a post on KrebsOnSecurity, Brian Krebs and Hold Security CISO Alex Holden a week ago found 40 GB of source code stored on a server used by the same gang who appears to have hit data aggregators LexisNexis, Dun & Bradstreet, Kroll, and others. "The hacking team's server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat," Krebs wrote today. "Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe. Today, Adobe responded with confirmation that it has been working on an investigation into a potentially broad-ranging breach into its networks since Sept. 17, 2013."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ANON1233964134849
50%
50%
ANON1233964134849,
User Rank: Apprentice
10/15/2013 | 6:46:12 PM
re: Adobe Hacked: Source Code, Customer Data Stolen
Pilfered source code? My clients use fingerprinting technology ("AccuMatch DLP" - Gtb technologies) with their content aware reverse firewall - which works like a charm. They have full coverage on those 'unknown' ports, not just SMTP channels, just in case they "got malware"
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
10/9/2013 | 12:13:13 AM
re: Adobe Hacked: Source Code, Customer Data Stolen
Good to hear the customer credit card data was encrypted. This could have been a lot worse for Adobe otherwise.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.