Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/3/2013
07:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Adobe Hacked: Source Code, Customer Data Stolen

Adobe Acrobat, ColdFusion source code pilfered, information on nearly 3 million customers exposed

Adobe late today revealed it recently discovered it had suffered massive "sophisticated attacks" on its network that resulted in the theft of sensitive information including payment card information on 2.9 million customers, as well as of source code for multiple Adobe software products, including Adobe Acrobat, ColdFusion, ColdFusion Builder, and other Adobe software.

Brad Arkin, chief security officer of Adobe, said in a blog post that the attacks may be related.

"Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related," Arkin said.

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We're working diligently internally, as well as with external partners and law enforcement, to address the incident," Arkin said.

Meanwhile, Hold Security said in a statement today that the security firm, working with Brian Krebs of KrebsOnSecurity, had discovered the pilfered Adobe source code on servers of the hackers behind the recently revealed breaches of LexisNexis, Kroll, NW3C, and other sites. "Over 40 Gigabytes in encrypted archives have been discovered on a hackers' server that appear to contain source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe's data occurred in early August of this year but it is possible that the breach was ongoing earlier," Hold Security said in a post today.

Just how the source code was stolen and whether it was employed for malicious activity is unclear, according to Hold, but "unauthorized individuals" took and viewed the data.

The potential abuse of stolen Adobe source code could have serious and far-reaching consequences for users. "This breach poses a serious concern to countless businesses and individuals. Adobe products are installed on most end-user devices and used on many corporate and government servers around the world. While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits," Hold Security says.

Adobe's Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the source code theft. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products," he says.

Adobe customers affected by the account breach will be contacted and advised to change his or her password; the company is also in the process of alerting customers whose credit- and debit-card information was stolen. The good news is that the financial information was encrypted.

The company says it is working with "federal law enforcement" to help in its investigation of the hacks.

According to a post on KrebsOnSecurity, Brian Krebs and Hold Security CISO Alex Holden a week ago found 40 GB of source code stored on a server used by the same gang who appears to have hit data aggregators LexisNexis, Dun & Bradstreet, Kroll, and others. "The hacking team's server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat," Krebs wrote today. "Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe. Today, Adobe responded with confirmation that it has been working on an investigation into a potentially broad-ranging breach into its networks since Sept. 17, 2013."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
10/9/2013 | 12:13:13 AM
re: Adobe Hacked: Source Code, Customer Data Stolen
Good to hear the customer credit card data was encrypted. This could have been a lot worse for Adobe otherwise.
ANON1233964134849
50%
50%
ANON1233964134849,
User Rank: Apprentice
10/15/2013 | 6:46:12 PM
re: Adobe Hacked: Source Code, Customer Data Stolen
Pilfered source code? My clients use fingerprinting technology ("AccuMatch DLP" - Gtb technologies) with their content aware reverse firewall - which works like a charm. They have full coverage on those 'unknown' ports, not just SMTP channels, just in case they "got malware"
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...
CVE-2020-25791
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVE-2020-25792
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVE-2020-25793
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.