Adobe has confirmed the company was the victim of a long term network breach which exposed consumer data including passwords and credit card data, as well as exposing the source code for some of their leading products.
“Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related,” said Brad Arkin, Adobe’s Chief Security Officer.
“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,” Arkin continued.
Adobe made the announcement after Brian Krebs of KrebsOnSecurity had connected the breach to a recently discovered compromise of multiple consumer data brokers, including LexisNexis, Dun & Bradstreet, and Kroll Background America.
During his investigation into the identity theft ring behind the breaches, Krebs discovered a bounty of stolen source code for Adobe’s ColdFusion Web application platform, and possibly also for its Acrobat products.
“Adobe confirmed that the company believes that hackers accessed a source code repository sometime in mid-August 2013, after breaking into a portion of Adobe’s network that handled credit card transactions for customers,” Krebs reports,
“Adobe believes the attackers stole credit card and other data on approximately 2.9 million customers, and that the bad guys also accessed an as-yet-undetermined number of user names and passwords that customers use to access various parts of the Adobe customer network.”
Categories: Top Security Stories