04 Oct 2013
Adobe confirmed losing 2.9 million customer data and the source code of numerous Adobe products in a sophisticated” cyber attack on the company’s network.
“We believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.” Adobe Chief Security Officer Brad Arkin wrote in a blogpost. “At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems.” he added.
Adobe is also investigating the “illegal access” of source code for some of their products, among which Adobe Acrobat and ColdFusion.
The Adobe announcement came shortly after security journalist Brian Krebs reported a hack against US data aggregators LexisNexis, Dunn & Bradstreet and Kroll Background America – an attack initiated mid-August. Apparently during that investigation, Brian Krebs and security export Alex Holden came across a 40 GB cache of Adobe source code on a server used by some of the attackers.
Brad Arkin told Adobe customers the company will reset the passwords of all customers believed to have had their accounts compromised and will send an e-mail letting them know of the change. The company offers a “one-year complimentary credit monitoring membership” to those customers whose credit or debit card data is thought to have been accessed.
Adobe notified the banks processing the customers payments for the company and is currently assisting the federal law enforcement in an ongoing investigation.