Adobe Announces Security Breach
PUBLIC SERVICE, 7 Oct 2013
David Kocieniewski – The New York Times
Hackers infiltrated the computer system of the software company Adobe, gaining access to credit card information and other personal data from 2.9 million of its customers, the company acknowledged on Thursday [3 Oct 2013].
The security breach, which Adobe called a part of a “sophisticated attack,” also allowed hackers to obtain encrypted passwords and other personal information from customers.
Hackers also illegally took copies of the source code of some of the company’s widely used products, which are run on personal computers and businesses servers around the world.
There was no indication that the attackers obtained unencrypted credit card numbers, Adobe said in a statement. As a precaution, however, the company said it had notified customers and credit card companies about the breach and reset customer passwords to prevent further unauthorized access.
“Cyberattacks are one of the unfortunate realities of doing business today,” Adobe’s chief security officer, Brad Arkin, wrote in a blog post on Thursday. “Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyberattackers.”
The breach at Adobe is one of a recent spate of hacking episodes at prominent organizations. Already this year, hackers have infiltrated database aggregators like Lexis-Nexis and Dun & Bradstreet and the security firm Kroll Associates, as well as the National White Collar Crime Center, which helps businesses protect their computer systems.
Concerns about the security of data at Adobe were first raised last week, when a technology researcher and an independent journalist investigating the hacking episodes discovered copies of Adobe source code on a server that was believed to have been used in the previous attacks. Brian Krebs, the journalist, informed Adobe about his findings, and on Thursday publicly reported the hacking on his site, krebsonsecurity.com.
One of the products that had its source code stolen is ColdFusion, which, according to Adobe, is used by the United States Senate, 75 of the Fortune 100 companies and more than 10,000 other companies worldwide.
Adobe security officials said they were not aware of any specific risks to customers. But because the source code contains the DNA of the software program, computer experts said it could allow hackers to find and exploit any other potential weaknesses in its security.
A version of this article appears in print on October 4, 2013, on page B7 of the New York edition with the headline: Adobe Announces Security Breach.
DISCLAIMER: The statements, views and opinions expressed in pieces republished here are solely those of the authors and do not necessarily represent those of TMS. In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.