Adobe's Silicon Valley headquarters(Photo: Adobe)
SEATTLE – Adode has become the latest big-name data breach victim.
The company that mainstreamed desktop publishing admitted in a statement that hackers gained unauthorized access to 2.9 million customer accounts and stole part of the source code that underlies its products.
"The Adobe breach shows that everyone is fair game," says Eduard Goodman, chief privacy officer at risk management firm IDentity Theft 911. "The hackers went in and stole private consumer information in the form of card information, even if it was encrypted, and they stole intellectual property. Those are two valuable assets. "
This news was flushed out by Brian Krebs, author of the cybersecurity blog, krebsonsecurity.com.
Krebs last week disclosed similar breaches at data aggregator LexisNexis, Kroll Background America and Dunn & Bradstreet. These scoops are the result of analysis Krebs has been doing with Alex Holden, CISO of Hold Security LLC, of a massive trove of data found on a server used by cybercriminals.
Krebs and Holden found that the crooks' stored what appeared to be source code for Adobe Acrobat and Adobe ColdFusion, a web app development tool.
This could rank as one of the more devastating attacks against a tech giant. Adobe touches every personal computing device that uses its Acrobat document reader to open PDF files, and every app developer using Adobe ColdFusion to design the next hit web app.
It's a safe bet that the bad guys are hard at work devising novel ways to corrupt media and services that spin out of those widely used Adobe products. Their likely end game: innovate new ways to take control of computing devices and into sneak deep inside corporate networks.
In addition to source code, the bad guys also stole details from some 2.9 million Adobe patrons, including names, encrypted information about their credit or debit cards, the expiry dates and information related to customer orders.
The company stated that it does not believe that any decrypted payment information had been taken, but said it would inform an undisclosed number of customers confirmed to have had their passwords stolen.
Adobe has become a prime target of hackers for the past two years. Both good guy and bad guy researchers have been uncovering a string of zero-day security holes, forcing the company to issue patches.
"These are valuable assets," Goodman says. "It just goes to show that it doesn't matter who you are. Everyone is targeted. Hackers are always going to find the weak link."
In a blog post, Brad Arkin, chief security officer of Adobe, said: "Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.
"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We're working diligently internally, as well as with external partners and law enforcement, to address the incident."
