Monday, October 7, 2013

Adobe breached, compromised source code

In a blog post on Thursday, Adobe said that during a security audit sometime around September 17, the company discovered that attackers had accessed Adobe customer IDs as well as encrypted passwords. In addition to IDs and passwords, Adobe Chief Security Officer Brad Arkin said that the attackers also accessed customer names, encrypted credit and debit card numbers, expiration dates and "other information."

"At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems." Question: why is that information not encrypted in the first place? What is the need to store it unencrypted?

In all, Adobe says that the breach impacts some 2.9 million customers worldwide, and that they're in the process of sending out notifications to those who had credit or debit card details compromised. Further, Adobe has alerted the banks processing customer payments, in order for them to help protect accounts upstream.

Adobe admitted that source code was breached during the incident. It wouldn't comment on which product lines were breached. Adobe's products are the most commonly used on almost every system out there. In theory, this could mean that their software has more 0-days than we are aware of. It could also mean that the current versions have already been altered and backdoored.

The earliest known date of discovery is September 17, but Adobe hasn't said how long the attackers have had possession of the stolen source code, nor can they comment on how far it has spread online. Last week, reporter Brian Krebs found 40 GB worth of Adobe's proprietary data on a server used by criminals, but by the time he found it, Adobe was already investigating its theft.

In an advisory to customers, Adobe confirmed that the source code theft impacted Adobe Acrobat, ColdFusion, ColdFusion Builder and "other Adobe products." As to what those other products are, Adobe didn't say. And why would they!

Adobe recommends that customers update to the latest supported software versions, and that they download the newest releases when they're made available on October 8.