[Editor’s Note] Our Throwback Thursday is a reflection back to the Adobe Hack of 2013. As it was later parsed, the number of affected customers grew to approximately 38,000,000. Large enterprises are often a target for such malfeasance, and Adobe has a security team that can issue patches quickly to vulnerabilities as they are discovered.
Originally Published: October 8,2013
In recent tech news from a Yahoo! News article, it has been reported that unknown hackers have stolen sensitive data from almost 3 million Adobe customers.
…Hackers are believed to have taken information relating to 2.9 million Adobe customers. The stolen data was said to include customer names, encrypted credit or debit card numbers, expiration dates and other information relating to people’s orders…
Adobe chief security officer Brad Arkin said that the hacker’s sophisticated attacks on the network involved garnering direct access of customer’s information, as well as “source code for numerous Adobe products.” Further, the hackers have obtained customer’s ID’s as well as encrypted passwords.
Adobe has issued an official apology, saying that they “deeply regret” that the incident has occurred and that they are “working diligently internally, as well as with external partners and law enforcement, to address the incident.”
Shortly after the security team detected that their network had been compromised, they promptly alerted their banking and payment processing partners and immediately started resetting the passwords of all the customers involved. Then, they began notifying those people whose credit card information had been pilfered. Arkin has recommended that customers keep their Adobe passwords unique to Adobe’s website so that any potential future hacks are sequestered, and no outside information can be stolen.
Adobe has made no official statement as to which of their product’s source codes were stolen, but Brian Krebs of the Krebs on Security blog (who broke the news before Adobe confirmed it, basing it on recently struck data brokers), stated that his opinion was that “ColdFusion Web application platform and possibly [the] Acrobat family of products” could have been among those affected.
So what’s to come of the stolen data, even if it is encrypted? According to Rajesh Ramanand, CEO of e-commerce fraud prevention platform Signifyd, the unknown thieves could use the data in spite of its encryption. Saying in a PCMag.com article on the same topic:
…In this scenario, it’s going to be hard to immediately monetize the stolen information unless someone finds a way to decrypt it. Having said that, there is an underground economy for credit cards and even accounts such as PayPal, etcetera…
And this massive breach could affect Adobe in a big way. According to Bala Venkat, chief marketing officer for Web application security firm Cenzic, because so many people and companies use Adobe, “in one way or another, the impact is enormous.”
Looking for a job in data security? Visit our Career Portal.