Nearly 3 million of Adobe’s customers have had their private information compromised during a cyber attack on its website, Adobe has confirmed. Adobe also stated that it was investigating illegal access to some of the source code for its products, which included the hugely popular Adobe Acrobat and ColdFusion.
Adobe’s chief security officer, Brad Arkin, stated that Adobe “deeply regretted” the incident. He said: “We believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”
In an interview with the BBC, Chester Wisniewski, a senior advisor at Sophos, said he thought the breach could be very serious. He went on to say “billions of computers around the world use Adobe software, so if hackers manage to embed malicious code in official-looking software updates they could potentially take control of millions of machines. This is on the same level as a Microsoft security breach,” he added.
Security experts Brian Krebs and Alex Holden are assisting Adobe with its investigation. The two discovered a 40GB cache of Adobe source code while investigating attacks on three US data providers: Dun & Bradstreet, Kroll Background America, and LexisNexis. Mr Krebs said the Adobe code was on a server he believed the hackers used.
Adobe immediately said that it is resetting the passwords for customer accounts it believes were compromised, and that those customers will get an email alerting them to the change. It also recommended that affected customers change their passwords and user information on other websites where they used the same ID.
For those US customers whose debit or credit card information is suspected of being accessed, Adobe is offering a complimentary one-year subscription to a credit-monitoring programme.
Adobe said it had notified law enforcement officials and is working to identify the hackers. All information can be found on the Adobe blog.