Hackers struck Adobe systems on Thursday, stealing the source code of all products and login identities and passwords of 2.9 million customers.
It’s been three days after the Adobe System breach, and Adobe Secure Software Engineering Team (ASSET) is still trying to move the data on a secure location. Even, they haven’t yet figure out the exact amount of data lost in the havoc, but sources claimed that it was around 40GB.
It hasn’t only stirred the stock price of the Jose-based Company but raised the question on the credibility of Adobe’s security systems.
After analyzing the image of ColdFusion source code repository found on the hacker’s server, we learned that the hacked adobe server was located at Noida, India. The code was compressed in zip archives, which were password protected. However, all can be broken using Brute-Force method, dictionary attacks, and pattern checking and word-list substitution method easily. Whether ASSET is moving the data to a US based server or they will continue with Noida server is still unknown.
On Thursday, Adobe’s Chief Security Officer Brad Arkin said that the hackers broke into Adobe system in mid-August 2013, and accessed source code repository of several products including Adobe Acrobat, ColdFusion, and ColdFusion Builder along with credit card and login credentials of Adobe customers. In response to that, they have contacted federal law enforcement and are assisting in their investigation. Afterwards, we haven’t heard anything from Brad and eagerly waiting for the progress report on the matter.
When asked about the vulnerability Adobe software as a result of the incident, Adobe Secure Software Engineering Team said, “We are not aware of any zero-day exploits targeting Adobe products. However, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the relevant security hardening guides. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.”
The incident isn’t a geographical based and has affected Adobe’s customers worldwide. It has also shaken the trust of customers, but Adobe is working diligently internally, as well as with external partners to prevent these types of events from occurring in the future.
Now, the company is trying to make peace with customers. Internal sources revealed to Inferse that if a customer is a victim of the Credit Card Fraud then they are offering one-year complimentary credit monitoring membership with Experian worth $700. A notification email is sent to all affected customers with a code. They need to contact Experian Team at (866) 578-5413, and they will help customer to get started the service. However, the offer is strictly for US customers, while Adobe is still mum for the rest of the world thus far.
Adobe is sending flyers to customers stating that they have reset the password to prevent any unauthorized access. Customers are asked to visit www.adobe.com/go/passwordreset to reset the password from or contact Adobe Customer Care.
Adobe is trying hard to retain their customers. If a customer is asking Adobe Customer Care team to cancel their subscription due to the breach; they are providing 2 or more months of free subscription; In some cases, offering 9 -12 months of free subscription.
Adobe customer should follow below steps as preventive measures:
- Change your Adobe passwords. Further, Adobe recommends that customers change their passwords on any website where they may have used the same user ID and password.
- Customers should monitor their account for incidents of fraud and identity theft, including regularly reviewing their account statements and monitoring free credit reports. If customers discover any suspicious or unusual activity on their account or suspect identity theft or fraud, they should report it immediately to their financial institution.
“U.S. only: Customers may contact the Federal Trade Commission (FTC) or law enforcement to report incidents of identity theft or to learn about steps they can take to protect themselves from identity theft. To learn more, customers can go to the FTC’s website, at www.consumer.gov/idtheft, call the FTC at (877) IDTHEFT (438-4338), or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.”
Till now, Adobe is not aware of any particular increased risk to customers as a result of the incident so just follow the preventive measures. “We value the trust of our customers. And we deeply regret any inconvenience this may cause you” says Adobe.