Monday 11 November, 2013

Adobe Gets Hacked and What It’s Doing about It

On October 13th, software giant Adobe announced that one of its servers had been hacked. The announcement said that hackers obtained access to information about users and its programs. It said that it especially affected users who used the Creative Cloud version of their software suite.

The company reported that nearly 3 million users’ data had been compromised. The data in question was personal information such as names, credit card information and other data related to Adobe product purchases.

Adobe reported that the credit card information that was stolen was encrypted and therefore should be safe. No decrypted data was compromised and according to the company, there is no way for hackers to decrypt and use this data. Credit card data included encrypted CC numbers and expirations dates.

Raising the Stakes on Advanced Persistent Threats

What many consider more alarming is that the hackers made away with some of the source code used for Adobe products. Likely targets include Acrobat and ColdFusion. While Adobe stresses that this isn’t information that could be used to access users’ computers, it could lead to ongoing trouble in the form of what are known in the security world as Advanced Persistent Threats (APTs).

An APT is a type of attack that is ongoing, where it isn’t known how long hackers have been in the system. Adobe believes hackers had access since possibly early June. But what’s alarming is that with the company’s source code as well as its digital certificate code signing infrastructure, which hackers also reportedly obtained, they could create malware posing as legitimate Adobe products and there would be no way to tell the difference. Pundits are saying that there has never been an APT of this scale before.

What Adobe Is Doing about It

Adobe contacted authorities as well as banks and payment processors with all of the details of the attack. It reset passwords for users whose accounts may have been compromised and sent out emails urging users to change passwords.

The company is still trying to figure out exactly how the data was stolen. Adobe Security Chief Brad Arkin said in a statement that the compromised server’s configuration was ‘not to Adobe corporate standards for a build server.’ He added that it is very regrettable that the company’s regular provisioning process didn’t catch the attack earlier.

Adobe has had some goodwill issues with its customers and criticism over its Creative Cloud software, so this attack couldn’t have helped the company’s reputation. However, it’s pretty certain that they will do damage control and try to effectively solve the problem.

If you’re an Adobe user, the following measures are recommended:

*  If you’re a Creative Cloud subscriber, look carefully at your statements.

*  If you get emails from Adobe related to new products, click links with caution

*  Follow any instructions you receive from Adobe in regard to fixing the problem or any related threats.

Bob Steele

Bob Steele is an entrepreneur, software developer, marketer, and author living in the Denver metropolitan area. He’s an avid outdoorsman who loves skiing, hiking, fishing, boating, and just plain having fun. His interests include games, space, technology, physics, cooking (well eating actually), economics, business, internationalism, and team sports. With over thirty years of professional consulting experience, Bob has been exposed to many diverse business models and has gained a sensible approach to life. Bob’s company, WaveCentric is focused on commerce, marketing, and entertainment related products.

More Posts - Website

Comments Off on Adobe Gets Hacked and What It’s Doing about It   Posted In: Mobile Computing, Uncategorized   |    Written By: Bob Steele