backtop


Print 19 comment(s) - last by Monkey's Uncle.. on Oct 7 at 8:56 AM


  (Source: rack.1.mshcdn.com)
The company doesn't think hackers got decrypted credit/debit card numbers

Adobe was the target of a major hack recently where nearly 3 million customer accounts were compromised.

A security breach on one of Adobe's servers has resulted in hacked access to product source code and data of 2.9 million Adobe customers. 

Adobe said that some of the customers' personal information was encrypted, and that they “do not believe the attackers removed decrypted credit or debit card numbers." But it's still not a good thing that this information is wandering around cyber space. 

Some of the personal information included Adobe customer IDs, encrypted passwords, customer names, encrypted credit or debit card numbers, expiration dates and information relating to customer orders.

Adobe also said that source code for at least three Adobe products (Acrobat, ColdFusion, and ColdFusion Builder) has been compromised. Brian Krebs, of KrebsOnSecurity.com said he found 40GB of Adobe source code on the private server of a hacking group. 

Adobe believes that the hackers broke into a portion of Adobe’s network that manages credit card transactions for customers, and accessed a source code repository sometime in August 2013.

"We deeply regret that this incident occurred," said Brad Arkin, Chief Security Officer at Adobe. "We’re working diligently internally, as well as with external partners and law enforcement, to address the incident."

Adobe said it is currently resetting customer passwords that have been compromised; notifying customers whose credit or debit card information was involved in the incident; notifying the banks processing customer payments for Adobe, and contacting federal law enforcement to help out in the investigation. 

"We are not aware of any zero-day exploits targeting any Adobe products," said Arkin. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide."

Sources: Adobe, Adobe



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Pure genius
By Gondor on 10/4/2013 12:12:45 PM , Rating: 2
quote:
"We are not aware of any zero-day exploits targeting any Adobe products," said Arkin.


Well d'uh, this is why they are called "zero day" exploits. They wouldn't be "zero day" if they were previously aware of the existence of such an exploit.




RE: Pure genius
By inighthawki on 10/4/2013 1:16:28 PM , Rating: 1
Huh? You do realize that you can have a zero day exploit revealed that has gone unpatched, and thus "targets" that product, right?


"This week I got an iPhone. This weekend I got four chargers so I can keep it charged everywhere I go and a land line so I can actually make phone calls." -- Facebook CEO Mark Zuckerberg











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki