Adobe Data Breach Exposes 3 Million Customer Credit Cards

Source: Tom's Guide US

UPDATED 10 am ET Monday (Oct. 7) with news that Gmail was segregating some Adobe breach-notification emails as spam.

Adobe Systems, maker of Photoshop, InDesign, Premiere and other professional creative software products, said today (Oct. 3) that the personal and financial data of nearly 3 million Adobe customers, as well as the source code for Adobe products, had been stolen in a massive data breach.

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," read an Adobe company blog post attributed to Chief Security Officer Brad Arkin.

"We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers," Arkin added, "including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."

Arkin said the company was resetting passwords on affected accounts, notifying customers whose credit- or debit-card information was exposed, notifying the financial institutions handling customer accounts and working with law enforcement.

"Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available," Arkin said.

Adobe set up a page with instructions for customers on how to reset their Adobe passwords.

Apart from what Adobe recommends, customers who have ever bought software directly from the Adobe website should immediately change their passwords for the Adobe account, as well as for any account that shares that password, and also closely monitor their financial records for the next several months.

In a separate blog posting dated yesterday (Sept. 2), Arkin said that "Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party."

"Based on our findings to date," Arkin said, "we are not aware of any specific increased risk to customers as a result of this incident."

Arkin thanked Brian Krebs, the independent security blogger who has been investigating professional identity thieves at his KrebsOnSecurity blog.

Krebs has revealed that a single gang used sophisticated malware to breach the networks of Dun & Bradstreet, LexisNexis and the National White Collar Crime Center, and then resold the information in underground criminal marketplaces.

Examining the gang's server contents (which were posted online by a rival group of hackers), Krebs and fellow researcher Alex Holden of Hold Security found source code for Adobe products in a 40-gigabyte trove of stolen software.

Krebs informed Adobe of the findings a week ago, and in return Adobe told Krebs the company had been conducting its own investigation since mid-September.

In June, Adobe began a multi-year process to shift its software distribution from the traditional model of boxed DVDs sold in stores to an open-ended subscription model, in which paying customers download software straight from the Adobe website. (The new subscriptions were almost immediately hacked and pirated.)

That's a noble effort to combat piracy and unauthorized re-use of Adobe products — millions of Americans have copies of Photoshop they didn't directly pay for — but it also means that Adobe aims to retain the credit-card information of almost all its customers.

Judging by today's events, that might not be such a good idea.

UPDATE: On Sunday (Oct. 6), independent information-security researcher Graham Cluley noted that an email from Adobe notifying him of the data breach had been diverted by Gmail into Cluley's spam folder.

"It's not clear quite why Gmail has mistaken this legitimate email from Adobe as spam, but clearly the Google service has misidentified it as an attempt to phish details from users," Cluley wrote on his blog.

  • 0 Hide
    sykozis , October 3, 2013 3:19 PM
    Digital distribution is and will always be a major security risk. Cases like this prove that physical distribution is superior to digital....
  • 4 Hide
    phatboe , October 3, 2013 4:28 PM
    TRUST THE CLOUD@@@!!!111 TRUST THE CLOUD@@@!!!111
  • 1 Hide
    eodeo , October 3, 2013 5:06 PM
    I like how I'm not using CC. CS6 4tw
  • 1 Hide
    chicofehr , October 3, 2013 5:11 PM
    That's why I only have pre-paid credit cards. I only put enough on them for what I need to buy, then it's empty again.
  • 1 Hide
    curiosul , October 3, 2013 5:12 PM
    Am I considered a troll if I say "open source software FTW!" ?
  • 0 Hide
    f-14 , October 3, 2013 6:51 PM
    This is highly amusing considering almost all of the healthcare industry uses Adobe in one or multiple capacities for much of the health insurance industry programs.

    2.9 million hospitals and insurers just got screwed, hopefully some hacker group finds a way to drain 90% of the Obamacare funds every year and the entire program gets scrapped after sending America into world bankruptcy courts.
  • 1 Hide
    24oz , October 3, 2013 7:00 PM
    Thanks a lot Adobe for protecting my CC info :(
  • 2 Hide
    jhansonxi , October 3, 2013 8:23 PM
    Any bets on if this breach started with a Flash exploit?
  • 2 Hide
    wiinippongamer , October 3, 2013 8:41 PM
    brb free software CS6 clones.
  • 0 Hide
    ddpruitt , October 3, 2013 8:58 PM
    Quote:
    Digital distribution is and will always be a major security risk. Cases like this prove that physical distribution is superior to digital....

    That's an asinine, short-sighted view. This has nothing to do with the distribution method. The only difference between digital and physical is the organization holding the credit card numbers. Odds are that Adobe maintains fewer credit card numbers than another organization that processes transactions like Best Buy or Amazon. At the very least Adobe came clean about the attack sooner rather than 6 months down the line when they were forced to.
  • 2 Hide
    belardo , October 3, 2013 11:45 PM
    There is a reason why I DON'T have websites or services SAVE MY bloody CC information!
  • 2 Hide
    cats_Paw , October 4, 2013 12:58 AM
    And this is why I always turn off the "save my information for later payments" in Steam.
  • 0 Hide
    JackFrost860 , October 4, 2013 1:47 AM
    I got an email from Adobe saying that all my information has been stolen including my CC, so please change your Adobe password. WFT! How is that going to help? It's gone now, like contact my bank and cancel my CC would be better advice.
  • 1 Hide
    JackFrost860 , October 4, 2013 1:51 AM
    PS. Thanks Adobe for being upfront and honest.
    PPS. You suck at security. Once the source code is analysed and new weaknesses can be found anyone with an Adobe product installed will be vulnerable... even more so that is...
  • 0 Hide
    rokit , October 4, 2013 4:05 AM
    Clouds are so good. Autodesk is heading this way as well, thank God their prices are too high to jump on cloud versions.
    Oh and, f**k you Adobe! Don't you have any security pros in there?