Adobe Hacked: Customer Info Stolen

[cfrizz]

Nobody is twisting anyone's arm to use these services I know that it might be convenient. but I'd rather have the supposed inconvenience of using my own pc and hard drives to download and sideload/store my books. It's why I make sure I either had space or a card reader on all of my devices to keep all of my current books with plenty of room for more.

They can shove these cloud services into outer space for all I care, I won't be utilizing any of them not when storage space is cheap and plentiful enough for me to buy and under my own control.

[Yolina]

Adobe isn't just for ebook DRM - Photoshop, Lightroom and a whole bunch of other pieces of software are used in a professional capacity by many and now that Adobe have effectively stopped doing non-cloud upgrades then sooner or later all of us who need to use it will have to switch to that (unless they see the light and offer "normal" non-subscription, non-cloud software again). Personally I have taken the decision to hold out and just keep using what I have now for as long as I can but obviously at some point I simply won't have any other option, because it's software that I need to earn a living.

[library addict]

Hmm, I have two different email accounts with them, one for ADE and one for Photoshop, etc. Didn't get the email for either until I went to the site to sign in.

[stormcloude]

Quote:

Originally Posted by silverraven

My email was different. Now I'm paranoid!



I clicked, and changed it.
*sigh*
Anyone else get this email?
S

Yeah, that's the one I got.

[Purple Lady]

Quote:

Originally Posted by stormcloude

Yeah, that's the one I got.

This is the email I got after going to their website and trying to login.

[library addict]

Quote:

Originally Posted by Purple Lady

This is the email I got after going to their website and trying to login.

That's the one I got as well.

[Blossom]

Quote:

Originally Posted by library addict

That's the one I got as well.

If it shows up right after trying to log in into your account. It pretty safe to assumed it's from them.

So if you want to make sure. Just open your email then go to Adobe and log in when it says they reset your password a email should pop up in your email seconds later.

That's how it did it for me.

[library addict]

Quote:

Originally Posted by Blossom

If it shows up right after trying to log in into your account. It pretty safe to assumed it's from them.

So if you want to make sure. Just open your email then go to Adobe and log in when it says they reset your password a email should pop up in your email seconds later.

That's how it did it for me.

Yes, I figured it was from them since that's what happened for me as well.

I had checked to see if I got the initial email when the story first broke, but I had not. It didn't occur to me to try to sign in to Adobe and that would trigger the email prompt to change passwords until I read this thread.

[aardbewoner]

adobe yeah verry secure stuff the make,pdf reader has/had more holes then even i.e. has .And force you to use the net more , sleep well

[SteveEisenberg]

I borrowed a book from the Brooklyn Public Library 3M collection. Then, within a couple minutes, at 8:07 PM Eastern Time, I got an email saying that I should change my password.

I did what the email from Adobe said -- picked a new all-new password and gave it to Adobe. Then I logged back onto the 3M Cloud Library application and successfully got in with my old Brooklyn Library card number and PIN. So it looks like the password I changed is for Adobe services I don't use. Maybe once long ago, I did use them, once or twice, but I don't recall it.

This is one of those computer things that happen and make you, or at least me, feel unintelligent. I think I should understand the connection between their password and using the library, but I do not.

[Lynx-lynx]

Steve the point you make is sweetly relevant, but some of us have greater contact with Adobe than just the pifling ADE and elibrary stuff.

Adobe's business model now is that it wants to only sell cloud based software and discontinue all cd/dvd based versions of its software, irrespective of whether one is a business or private customer.

To that end it currently sells Creative Cloud products which are the versions later than (for example) CS6 software. (So CS7 if you want to think of it like that)

Adobe is using the euphemism "subscription" to describe the purchase, because one won't ever actually own the software - merely rent it via 'subscription'.

Adobe probably considers that's a good business model because it will stop people being able to 'give away' their very expensive Adobe disk software to their friends etc and ensure that people have to pay via 'subscription' to access it instead.

I foresee that Adobe will draw continuing antagonistic reactions (read hacked) the further they go down this business model route. And probably the main reason will be because the hackers will will be showing that Adobe doesn't live in a 'cloud' but in the real physical world.

Of course, the best solution is people use and support products other than Adobe - but that isn't always possible as in buying a book of your choice with Adobe DRM embedded.

Edit
On reading the info I sourced after writing this post I think that it's now safe to say that the agenda of the hackers responsible for this current Adobe attack is way beyond just those who want to 'share around' Adobe software.

[Lynx-lynx]

Extraordinary - just took a look at http://www.adobe.com/au/ and saw the following on the opening page:

'One million members. One million thank yous (sic).

Here's to everyone who's joined Creative Cloud and discovered a new way to create.'

So - there's potentially 1 million email and credit card accounts alone that may have been hacked recently.

[Lynx-lynx]

The following is a rather long article taken from Oct 4 Sydney Morning Herald.

The gist of it is that:

- Adobe's been looking into a breach of its networks since Sept 17
- they still aren't sure what has been hacked but can say that source code for ColdFusion and Acrobat have been taken
- a 40 GB source code trove has been identified that was stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll.
- The revelations come just two days after KrebsOnSecurity published a story indicating that the same attackers apparently responsible for this breach and the intrusions against the data brokers also broke into the networks of the National White Collar Crime Center (NW3C), a congressionally-funded non-profit organisation that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime. As noted in that story, the attackers appear to have initiated the intrusion into the NW3C using a set of attack tools that leveraged security vulnerabilities in Adobe’s ColdFusion Web application server.

Spoiler:

Adobe has revealed it was the victim of sophisticated cyber attacks on its networks by hackers who accessed data belonging to millions of customers along with the source code to some of its popular software titles.

Chief Security Officer Brad Arkin said in a statement Thursday (US time) that the company believed the attackers accessed Adobe customer IDs and encrypted passwords and removed data relating to 2.9 million Adobe customers. That information includes customer names, encrypted payment card numbers, expiration dates and information relating to orders, he said. Attackers stole login data for an undetermined number of Adobe user accounts.

He said they also accessed the source code for several Adobe software titles including Acrobat, ColdFusion and ColdFusion Builder. The company is better known for its Acrobat Reader, Photoshop, Illustrator, InDesign and Flash software among others.

KrebsOnSecurity first became aware of the source code leak roughly one week ago, when this author — working in conjunction with fellow researcher Alex Holden, CISO of Hold Security LLC — discovered a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll. The hacking team’s server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat.
Advertisement

Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe. Thursday, Adobe responded with confirmation that it had been working on an investigation into a potentially broad-ranging breach into its networks since September 17.

In an interview with KrebsOnSecurity, Adobe confirmed that the company believed hackers accessed a source code repository sometime in mid-August 2013, after breaking into a portion of Adobe’s network that handled credit card transactions for customers. Adobe believes the attackers stole credit card and other data on approximately 2.9 million customers, and that the bad guys also accessed an as-yet-undetermined number of user names and passwords that customers use to access various parts of the Adobe customer network.

Adobe said the credit card numbers were encrypted and that the company does not believe decrypted credit card numbers left its network. Nevertheless, the company said that later today it will now begin the process of notifying affected customers — which include many Revel and Creative Cloud account users — via email that they need to reset their passwords.

Adobe launched Creative Cloud in April 2012. A year later it killed packaged software and vowed to transfer its customers to the cloud.

A spokesperson for the company in Australia said the investigation was continuing and there were no details as yet on the number of local customers affected. Australia does not have data breach notification laws that require companies announce when they've been hacked but a blog post by Arkin indicates affected all customers will receive email notification.

In an interview prior to sending out a news alert on the company’s findings, Arkin said the information shared by KrebsOnSecurity “helped steer our investigation in a new direction.” Arkin said the company has undertaken a rigorous review of the ColdFusion code shipped since the code archive was compromised, and that it is confident that the source code for ColdFusion code that shipped following the incident “maintained its integrity.”

“We are in the early days of what we expect will be an extremely long and thorough response to this incident,” Arkin said. The company is expected to publish an official statement this afternoon outlining the broad points of its investigation so far.

Arkin said Adobe is still in the process of determining what source code for other products may have been accessed by the attackers, and conceded that Adobe Acrobat may have been among the products the bad guys touched. Indeed, one of the screen shots shared with Adobe indicates that the attackers also had access to Acrobat code, including what appears to be code for as-yet unreleased Acrobat components.

“We’re still at the brainstorming phase to come up with ways to provide higher level of assurance for the integrity of our products, and that’s going to be a key part of our response,” Arkin said. He noted that the company was in the process of looking for anomalous check-in activity on its code repositories and for other things that might seem out of place.

“We are looking at malware analysis and exploring the different digital assets we have. Right now the investigation is really into the trail of breadcrumbs of where the bad guys touched.”

The revelations come just two days after KrebsOnSecurity published a story indicating that the same attackers apparently responsible for this breach and the intrusions against the data brokers also broke into the networks of the National White Collar Crime Center (NW3C), a congressionally-funded non-profit organisation that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime. As noted in that story, the attackers appear to have initiated the intrusion into the NW3C using a set of attack tools that leveraged security vulnerabilities in Adobe’s ColdFusion Web application server.

While Adobe many months ago issued security updates to plug all of the ColdFusion vulnerabilities used by the attackers, many networks apparently run outdated versions of the software, leaving them vulnerable to compromise. This may have also been the vector that attackers used to infiltrate Adobe’s own networks. Arkin said the company has not yet determined whether the servers that were breached were running ColdFusion, but acknowledged that the attackers appeared to have gotten their foot in the door through “some type of out-of-date” software.

Adobe has released a statement about these incidents here and here. A separate customer security alert for users affected by this breach is here. Also, in a hopefully unrelated announcement, Adobe says it will be releasing critical security updates next Tuesday for Adobe Acrobat and Adobe Reader.

KrebsOnSecurity

Adobe says it will be releasing critical security updates next Tuesday for Adobe Acrobat and Adobe Reader.

[melmac]

Quote:

Originally Posted by library addict

Yes, I figured it was from them since that's what happened for me as well.

I had checked to see if I got the initial email when the story first broke, but I had not. It didn't occur to me to try to sign in to Adobe and that would trigger the email prompt to change passwords until I read this thread.

This is what I don't understand it seems to me that Adobe are being very lax about protecting there users by waiting for us to log in before telling us to change our passwords. I have not logged into Adobe since I first got my ereader a few years ago I have no need to as I use Sony's reader software however potentially my email and password is in the hands of hackers Adobe should be proactive and email all their users about this potential breach and not waiting for us to come to them.

[Lynx-lynx]

Melmac I found the following text from the SMH article referenced in my post above:

'A spokesperson for the company in Australia said the investigation was continuing and there were no details as yet on the number of local customers affected. Australia does not have data breach notification laws that require companies announce when they've been hacked but a blog post by Arkin indicates affected all customers will receive email notification.'

I'm absolutely dumbfounded that we don't have 'breach notification laws' .... I would have thought that it would something that the ASX would want to know about for listed companies because of the potential this information could have on trading.

It seems not .... let's hope our Gov't was affected by this breach and wasn't given the nod by Adobe whilst the rest of us were ignored and then maybe we'll got those breach disclosure laws, eh!!