Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Adobe Customer Security Compromised: 7 Facts

Could stolen ColdFusion and Acrobat source code spawn a new generation of zero-day attacks?

Adobe began warning 2.9 million customers Thursday that their Adobe user ID, as well as passwords and credit card numbers -- stored in encrypted format -- were stolen in a series of "sophisticated attacks" that appear to date from August 2013, if not earlier.

Adobe's breach warning to customers was preceded by a Wednesday blog post, written by Adobe chief security officer Brad Arkin, revealing that Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products.

What are the precise information security risks associated with the double-barreled theft of both source code and customer information? Here are seven facts:

1. Adobe Suspects One Gang Behind The Breaches

Just what did the Adobe attackers steal? "Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," said Adobe's Arkin in the Thursday security announcement. "We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."

[ Are free, easy-to-use sites fostering a lazy approach to online security? Read WordPress Attacks: Time To Wake Up. ]

Adobe suspects -- but hasn't yet confirmed -- that whoever stole the customer data also stole the source code, and the company's investigators don't currently think that attackers accessed decrypted versions of credit or debit card numbers. "We deeply regret that this incident occurred," Arkin said. "We're working diligently internally, as well as with external partners and law enforcement, to address the incident."

2. Breach Dates From August 2013 -- Or Earlier

The breach was discovered one week ago, not by Adobe, but rather by security researchers Brian Krebs and Hold Security CISO Alex Holden. "[We] discovered a massive 40-GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll," Krebs said in a Thursday blog post. "The hacking team's server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat."

According to Krebs, Adobe has been investigating "a potentially broad-ranging breach into its networks" since Sept. 17, 2013. In a related blog post, Hold Security's Holden said, "It appears that the breach of Adobe's data occurred in early August of this year, but it is possible that the breach was ongoing earlier."

3. Customers Dismiss Adobe Email Notification As Spam

Adobe said it's reset all affected customers' passwords and warned customers who reused the same password on other sites (security tip: never, ever reuse passwords) to reset it there as well. Adobe has also shared information with relevant banks about stolen credit and debit card numbers, and Arkin said the company is also offering customers whose credit or debit card information was involved the option of enrolling in a one-year complimentary credit monitoring membership, where available.

Adobe customers have reported receiving emailed notifications about the breach, warning them to "monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports." But two different customers who received that email notification -- sent late Thursday, Pacific Time -- separately told InformationWeek that they'd initially dismissed the "important customer security alert" as spam.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
David F. Carr
50%
50%
David F. Carr,
User Rank: Apprentice
10/7/2013 | 11:26:45 PM
re: Adobe Customer Security Compromised: 7 Facts
Fair to say it's not a best practice to retain CC data any longer than necessary?
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
10/6/2013 | 2:38:11 PM
re: Adobe Customer Security Compromised: 7 Facts
This is exactly why we have a huge amount of regulations on the books. We basically have to force people/companies to do the right thing. Sad, really.
macker490
50%
50%
macker490,
User Rank: Ninja
10/6/2013 | 11:39:05 AM
re: Adobe Customer Security Compromised: 7 Facts
you would, --eh?
when you use your credit card you are authorizing the merchant unrestricted access to your account -- to the expiration date on your card.

everyplace you use it

PCI is based on pen and paper. proper authntication of digital transactions has never been incorporated into the system .
moarsauce123
50%
50%
moarsauce123,
User Rank: Ninja
10/5/2013 | 1:17:09 PM
re: Adobe Customer Security Compromised: 7 Facts
I wonder why Adobe even held on to CC information. Throw it away once the transaction is done. Yes, the customer needs to key it in again the next time, but I rather type a few dozen characters than have my info stolen.
Do we really need to lobby lawmakers every single time to craft a law that enforces common sense?
WKash
50%
50%
WKash,
User Rank: Apprentice
10/5/2013 | 12:02:27 AM
re: Adobe Customer Security Compromised: 7 Facts
Scary that Adobe didn't spot this. And one more reason why never to reuse passwords .
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
10/4/2013 | 6:12:06 PM
re: Adobe Customer Security Compromised: 7 Facts
"But two different customers who received that email notification -- sent late Thursday, Pacific Time -- separately told InformationWeek that they'd initially dismissed the "important customer security alert" as spam."

The phishers are winning.
David F. Carr
50%
50%
David F. Carr,
User Rank: Apprentice
10/4/2013 | 5:28:17 PM
re: Adobe Customer Security Compromised: 7 Facts
Would the customer credit cards of past customers be at risk, or just people with some ongoing relationship like the newer subscription software options? I purchased a perpetual license to Creative Suite, but that was a couple of years ago, so I'd hope my credit card wouldn't still be stored anywhere.
Greater Focus on Privacy Pays Off for Firms
Robert Lemos, Contributing Writer,  1/27/2020
Average Ransomware Payments More Than Doubled in Q4 2019
Jai Vijayan, Contributing Writer,  1/27/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3215
PUBLISHED: 2020-01-29
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
CVE-2019-18634
PUBLISHED: 2020-01-29
In Sudo through 1.8.29, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist onl...
CVE-2013-2568
PUBLISHED: 2020-01-29
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.
CVE-2013-2569
PUBLISHED: 2020-01-29
A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.
CVE-2013-2570
PUBLISHED: 2020-01-29
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.