backtop


Print 19 comment(s) - last by Monkey's Uncle.. on Oct 7 at 8:56 AM


  (Source: rack.1.mshcdn.com)
The company doesn't think hackers got decrypted credit/debit card numbers

Adobe was the target of a major hack recently where nearly 3 million customer accounts were compromised.

A security breach on one of Adobe's servers has resulted in hacked access to product source code and data of 2.9 million Adobe customers. 

Adobe said that some of the customers' personal information was encrypted, and that they “do not believe the attackers removed decrypted credit or debit card numbers." But it's still not a good thing that this information is wandering around cyber space. 

Some of the personal information included Adobe customer IDs, encrypted passwords, customer names, encrypted credit or debit card numbers, expiration dates and information relating to customer orders.

Adobe also said that source code for at least three Adobe products (Acrobat, ColdFusion, and ColdFusion Builder) has been compromised. Brian Krebs, of KrebsOnSecurity.com said he found 40GB of Adobe source code on the private server of a hacking group. 

Adobe believes that the hackers broke into a portion of Adobe’s network that manages credit card transactions for customers, and accessed a source code repository sometime in August 2013.

"We deeply regret that this incident occurred," said Brad Arkin, Chief Security Officer at Adobe. "We’re working diligently internally, as well as with external partners and law enforcement, to address the incident."

Adobe said it is currently resetting customer passwords that have been compromised; notifying customers whose credit or debit card information was involved in the incident; notifying the banks processing customer payments for Adobe, and contacting federal law enforcement to help out in the investigation. 

"We are not aware of any zero-day exploits targeting any Adobe products," said Arkin. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide."

Sources: Adobe, Adobe



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

"We deeply regret that this incident occurred"
By crimson117 on 10/4/2013 12:11:00 PM , Rating: 5
quote:
We deeply regret that this incident occurred
Not to pick on Adobe, because everyone does this, but does anyone else really hate the completely non-committal non-apology phrasings that corporate PR groups always use?

They're not sorry, but they do regret it - as if anyone in their position would instead celebrate a data breach.

And the passive voice "that this incident occurred" takes absolutely no responsibility. Why not "that we allowed this to happen" or "that hackers stole your data on our watch".

Ugh, if corporations are people, they sure communicate like sociopaths.




RE: "We deeply regret that this incident occurred"
By Avatar28 on 10/4/2013 12:21:41 PM , Rating: 3
If corporations were really people, I dare say that the majority of them would BE sociopaths.


By Wolfpup on 10/4/2013 12:30:11 PM , Rating: 2
yeah, it's built in to what they are.

I guess I'm so used to this language that I don't even bat an eye, and thought "oh, well at least they acknowledged it" lol


By mik123 on 10/4/2013 5:51:03 PM , Rating: 2
I remember one of the first episodes of Sherlock Holmes, where he investigates the murder of some corporate executive (as turned out, was killed by a secretary)

When he talks to a room full of execs, one of them admits that they all are sociopaths - that's the norm in corporate world above certain paygrade.


By Dean364 on 10/4/2013 12:50:54 PM , Rating: 2
You should never say that you're "sorry". You should always apologize .


By Apone on 10/4/2013 4:35:41 PM , Rating: 2
quote:
Ugh, if corporations are people, they sure communicate like sociopaths.


It's not so much that companies are people, but they (corporations specifically) are a separate legal entity. That means it can sue and be sued and its taxation is separate from the individuals who own & manage it (S Corporation).

However, since a corporation also grants some degree of limited liability to its managers, I'm not surprised Adobe used "regret" instead of "sorry/apologize" and "incident" instead of "responsibility" in its PR efforts.


By superstition on 10/5/2013 6:46:49 PM , Rating: 2
Only sociopaths and their lackeys say corporations are people.


Here's the email - I received one today
By masamasa on 10/4/2013 4:44:01 PM , Rating: 2
Important Customer Security Alert
To view this message in a language other than English, please click here.

We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.

To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.

We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care




By masamasa on 10/4/2013 4:45:42 PM , Rating: 3
"We do not believe any decrypted card numbers were removed from our systems."

Hmm...that sounds like an optimistic 'we have no idea, but we're hopeful'.


By Moriicon on 10/5/2013 8:35:17 AM , Rating: 2
Yup got that one too. Logged in, changed passwords, changed credit card linked to my CC payments, placed block on Card with my bank, and have new card issued.

What a waste of my day, but hey, its becoming much more prevalent now with all of the services holding our details online.

At least I was informed in a timely manner unlike some (aka Sony)


By Spookster on 10/7/2013 1:01:58 AM , Rating: 2
and to reset your password you go to that page enter your email address (which I presume the hackers already have) and they send you an email where all you have to do is click a link which takes you to a page where you just type in the new password. Genius! So what if the hackers have already gained access to customers email accounts. I'd be willing to bet that alot of people stupidly use the same password everywhere so if these hackers were smart enough to hack Adobe's system they are probably smart enough to think those logins will work elsewhere like the users email accounts.


Grammar
By DaveLessnau on 10/4/2013 10:51:18 AM , Rating: 3
"Adobe Hack Accesses Data, Source Code of 2.9 Million Customers"

I bet those 2.9 million customers are upset about having their source code stolen.




Pure genius
By Gondor on 10/4/2013 12:12:45 PM , Rating: 2
quote:
"We are not aware of any zero-day exploits targeting any Adobe products," said Arkin.


Well d'uh, this is why they are called "zero day" exploits. They wouldn't be "zero day" if they were previously aware of the existence of such an exploit.




RE: Pure genius
By inighthawki on 10/4/2013 1:16:28 PM , Rating: 1
Huh? You do realize that you can have a zero day exploit revealed that has gone unpatched, and thus "targets" that product, right?


By unimatrix725 on 10/4/2013 3:04:48 PM , Rating: 2
Who knows these days, guessing Acrobat is going to be the new target following "Flash Player". Who knows what lay in store for my PDFs now... One strange thing is those 3 products have 40GB of source? I knew Adobes stuff was bloated, but not that bad!




User accounts
By CaedenV on 10/4/2013 4:15:45 PM , Rating: 2
Maybe I need to make a schedule to change all of my passwords every month on every site and service that I use... only issue is that there are just so many accounts to keep track of!




Non issue
By augiem on 10/5/2013 12:15:45 AM , Rating: 2
Thank god for piracy!

j/k




Waiting for...
By Monkey's Uncle on 10/7/2013 8:56:28 AM , Rating: 2
Waiting for the cheap, Chinese branded versions of Photoshop and Acrobat.




"So if you want to save the planet, feel free to drive your Hummer. Just avoid the drive thru line at McDonalds." -- Michael Asher











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki