Hackers struck Adobe systems on Thursday, stealing the source code of all products and login identities and passwords of 2.9 million customers.

It has been three days since the Adobe Systems breach, and the Adobe Secure Software Engineering Team (ASSET) is still trying to move the data to a secure location. They have not yet figured out the exact amount of data lost in the havoc, but sources claimed that it was around 40GB.

The breach has not only stirred the stock price of the San Jose-based company but also raised questions about the credibility of Adobe’s security systems.

After analyzing the image of the ColdFusion source code repository found on the hacker’s server, we learned that the hacked Adobe server was located in Noida, India. The code was compressed in zip archives, which were password protected. However, all of them can easily be broken using brute force, dictionary attacks, pattern checking and word-list substitution. Whether ASSET is moving the data to a US-based server or will continue with the Noida server is still unknown.

Adobe Cold Fusion Source Code

On Thursday, Adobe’s Chief Security Officer Brad Arkin said that the hackers broke into Adobe’s systems in mid-August 2013 and accessed the source code repository of several products, including Adobe Acrobat, ColdFusion, and ColdFusion Builder, along with credit card and login credentials of Adobe customers. In response, Adobe has contacted federal law enforcement and is assisting in the investigation. Since then, we haven’t heard anything from Brad and are eagerly awaiting a progress report on the matter.

When asked about the vulnerability of Adobe software as a result of the incident, the Adobe Secure Software Engineering Team said, “We are not aware of any zero-day exploits targeting Adobe products. However, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the relevant security hardening guides. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.”

The incident is not limited to one geography and has affected Adobe’s customers worldwide. It has also shaken the trust of customers, but Adobe is working diligently internally, as well as with external partners, to prevent these types of events from occurring in the future.

Now, the company is trying to make peace with customers. Internal sources revealed to Inferse that if a customer is a victim of credit card fraud, Adobe is offering a one-year complimentary credit monitoring membership with Experian worth $700. A notification email with a code is sent to all affected customers. They need to contact the Experian team at (866) 578-5413, who will help the customer get started with the service. However, the offer is strictly for US customers, while Adobe is still mum for the rest of the world thus far.

Adobe is sending flyers to customers stating that it has reset their passwords to prevent any unauthorized access. Customers are asked to visit www.adobe.com/go/passwordreset to reset the password or to contact Adobe Customer Care.

Adobe is trying hard to retain its customers. If a customer asks the Adobe Customer Care team to cancel a subscription because of the breach, the team offers 2 or more months of free subscription and, in some cases, 9-12 months of free subscription.

Adobe customers should follow the steps below as preventive measures:

  1. Change your Adobe passwords. Further, Adobe recommends that customers change their passwords on any website where they may have used the same user ID and password.
  2. Customers should monitor their account for incidents of fraud and identity theft, including regularly reviewing their account statements and monitoring free credit reports. If customers discover any suspicious or unusual activity on their account or suspect identity theft or fraud, they should report it immediately to their financial institution.

“U.S. only: Customers may contact the Federal Trade Commission (FTC) or law enforcement to report incidents of identity theft or to learn about steps they can take to protect themselves from identity theft. To learn more, customers can go to the FTC’s website, at www.consumer.gov/idtheft, call the FTC at (877) IDTHEFT (438-4338), or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.”

So far, Adobe is not aware of any particular increased risk to customers as a result of the incident, so just follow the preventive measures. “We value the trust of our customers. And we deeply regret any inconvenience this may cause you,” says Adobe.

3 COMMENTS

  1. You think attacks against PDF file types were bad before? Now, with all the source code out there for every hacker in the world to tinker with and exploit, it is going to surely become one of the most insecure pieces of software a person can have installed on their device.

    Go crawl under a rock and die Adobe and do the world a huge favor!

  2. Adobe is a #$%^ company that is staffed by greedy pigs who eat other people’s sandwiches. If you or your family see anyone from Adobe coming near you or your house, then lock up your pantry, fridge and all other edible items in the vicinity because the greedy pig Adobe employee will eat all your sandwiches, and apparently anything else edible too.

  3. Adobe creates a fine product and has a monopoly on most of the graphics industry within its niche products, e.g. Acrobat, Photoshop, InDesign, etc.

    Adobe faces a serious problem that seems to be getting worse, however, and which will eventually backlash against the company. The problem is the customer service. The online customer service is not clear enough. I waited on hold for over 30 minutes last night, for example, listening to a beep every two minutes to finally get to Muhammed Ali. He did not read my first question and avoided my second question. Then he said he would transfer me to tech service, but instead left me on hold for tech service for 45+ minutes, when I finally hung up.

    The thoroughness, professionalism, patience, and knowledgeability are weak. It is also a waste of time to request volume licensing support and get someone who is in customer service who says “I can’t handle any technical service.” Better to set the system so a person doesn’t waste time contacting in the first place.

    Also, my volume license has been requested about every one to two weeks when I open my Photoshop. This is ridiculous. It should request only one time. What if I’m unable to connect to the Internet? I won’t be able to do my work! Despite telling customer service about this multiple times in the last few months, tech support hasn’t fixed this bug.

    Your break-in was very likely done by someone in India who works for your company, by the way.

    sincerely,

    Joel Yasskin
