Hackers steal the info of 2.9 million Adobe customers -- are you affected?
Adobe Flash is a necessary evil. I say "necessary" because even though HTML5 has made major strides, a full and complete web experience still seems to rely on Adobe Flash. I say "evil" because, from a security standpoint, some of Adobe's products (Flash and Reader particularly) are constant thorns in the sides of users and administrators. It feels like almost every other day there is a new security update for an Adobe product. Steve Jobs infamously banned Flash from iOS and Adobe killed-off the Linux and Android versions voluntarily. Sadly, Adobe today announces a far worse security issue than a Flash or Reader exploit.
Today, Adobe Chief Security Officer, Brad Arkin writes, "very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related".
He further explains, "our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems".
The blog post details the following steps that the company is taking:
- As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
- We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
- We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.
- We have contacted federal law enforcement and are assisting in their investigation.
The blog post ends with an apology from the company, "we value the trust of our customers. We will work aggressively to prevent these types of events from occurring in the future. Again, we deeply regret any inconvenience this may cause you". The irony of course is that only paying Adobe customers are affected. The people that chose instead to pirate Adobe's expensive software, like Photoshop, will not likely find their information in the company's server.
While the customer data compromise is the most important information in the announcement, the source code theft should not be overlooked. Not only can this impact Adobe's finances by having the information leaked to competitors but the code can also enable hackers to better find security vulnerabilities. Yes, customers are affected by the source code theft too.
Are you a paying Adobe customer? How do you feel about your information potentially being stolen? Tell me in the comments.