Brad Arkin, chief security officer of Adobe, said in a blog post that the attacks may be related.
"Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related," Arkin said.
"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We're working diligently internally, as well as with external partners and law enforcement, to address the incident," Arkin said.
Meanwhile, Hold Security said in a statement today that the security firm, working with Brian Krebs of KrebsOnSecurity, had discovered the pilfered Adobe source code on servers of the hackers behind the recently revealed breaches of LexisNexis, Kroll, NW3C, and other sites. "Over 40 Gigabytes in encrypted archives have been discovered on a hackers' server that appear to contain source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe's data occurred in early August of this year but it is possible that the breach was ongoing earlier," Hold Security said in a post today.
Just how the source code was stolen and whether it was employed for malicious activity is unclear, according to Hold, but "unauthorized individuals" took and viewed the data.
The potential abuse of stolen Adobe source code could have serious and far-reaching consequences for users. "This breach poses a serious concern to countless businesses and individuals. Adobe products are installed on most end-user devices and used on many corporate and government servers around the world. While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits," Hold Security says.
Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the source code theft. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products," he says.
Adobe customers affected by the account breach will be contacted and advised to change his or her password; the company is also in the process of alerting customers whose credit- and debit-card information was stolen. The good news is that the financial information was encrypted.
The company says it is working with "federal law enforcement" to help in its investigation of the hacks.
According to a post on KrebsOnSecurity, Brian Krebs and Hold Security CISO Alex Holden a week ago found 40 GB of source code stored on a server used by the same gang who appears to have hit data aggregators LexisNexis, Dun & Bradstreet, Kroll, and others. "The hacking team's server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat," Krebs wrote today. "Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe. Today, Adobe responded with confirmation that it has been working on an investigation into a potentially broad-ranging breach into its networks since Sept. 17, 2013."
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.