Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/3/2013
07:40 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Adobe Hacked: Source Code, Customer Data Stolen

Adobe Acrobat, ColdFusion source code pilfered, information on nearly 3 million customers exposed

Adobe late today revealed it recently discovered it had suffered massive "sophisticated attacks" on its network that resulted in the theft of sensitive information including payment card information on 2.9 million customers, as well as of source code for multiple Adobe software products, including Adobe Acrobat, ColdFusion, ColdFusion Builder, and other Adobe software.

Brad Arkin, chief security officer of Adobe, said in a blog post that the attacks may be related.

"Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related," Arkin said.

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We're working diligently internally, as well as with external partners and law enforcement, to address the incident," Arkin said.

Meanwhile, Hold Security said in a statement today that the security firm, working with Brian Krebs of KrebsOnSecurity, had discovered the pilfered Adobe source code on servers of the hackers behind the recently revealed breaches of LexisNexis, Kroll, NW3C, and other sites. "Over 40 Gigabytes in encrypted archives have been discovered on a hackers' server that appear to contain source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe's data occurred in early August of this year but it is possible that the breach was ongoing earlier," Hold Security said in a post today.

Just how the source code was stolen and whether it was employed for malicious activity is unclear, according to Hold, but "unauthorized individuals" took and viewed the data.

The potential abuse of stolen Adobe source code could have serious and far-reaching consequences for users. "This breach poses a serious concern to countless businesses and individuals. Adobe products are installed on most end-user devices and used on many corporate and government servers around the world. While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits," Hold Security says.

Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the source code theft. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products," he says.

Adobe customers affected by the account breach will be contacted and advised to change his or her password; the company is also in the process of alerting customers whose credit- and debit-card information was stolen. The good news is that the financial information was encrypted.

The company says it is working with "federal law enforcement" to help in its investigation of the hacks.

According to a post on KrebsOnSecurity, Brian Krebs and Hold Security CISO Alex Holden a week ago found 40 GB of source code stored on a server used by the same gang who appears to have hit data aggregators LexisNexis, Dun & Bradstreet, Kroll, and others. "The hacking team's server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat," Krebs wrote today. "Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe. Today, Adobe responded with confirmation that it has been working on an investigation into a potentially broad-ranging breach into its networks since Sept. 17, 2013."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ANON1233964134849
50%
50%
ANON1233964134849,
User Rank: Apprentice
10/15/2013 | 6:46:12 PM
re: Adobe Hacked: Source Code, Customer Data Stolen
Pilfered source code? My clients use fingerprinting technology ("AccuMatch DLP" - Gtb technologies) with their content aware reverse firewall - which works like a charm. They have full coverage on those 'unknown' ports, not just SMTP channels, just in case they "got malware"
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
10/9/2013 | 12:13:13 AM
re: Adobe Hacked: Source Code, Customer Data Stolen
Good to hear the customer credit card data was encrypted. This could have been a lot worse for Adobe otherwise.
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29040
PUBLISHED: 2021-05-16
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused att...
CVE-2021-29041
PUBLISHED: 2021-05-16
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the othe...
CVE-2021-29047
PUBLISHED: 2021-05-16
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
CVE-2021-22668
PUBLISHED: 2021-05-16
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2021-29039
PUBLISHED: 2021-05-16
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.