Adobe officials earlier this month confirmed that the company was the victim of a long term network breach which exposed consumer data including passwords and credit card information, as well as exposing the source code for some of their leading products.
Brian Krebs of KrebsOnSecurity had connected the breach to a recently discovered compromise of multiple consumer data brokers, including LexisNexis, Dun & Bradstreet, and Kroll Background America, and has now also connected the attackers to a breach at PR Newswire earlier this year.
During his investigation into the identity theft ring behind the breaches, Krebs discovered a bounty of stolen source code for Adobe’s ColdFusion Web application platform, and possibly also for its Acrobat products, and also found customer usernames and encrypted passwords for PR Newswire.
Krebs shared the data with the press release service, and they confirmed the data was in fact theirs. PR Newswire said in a statement to customers that it is “conducting an extensive investigation and have notified appropriate law enforcement authorities. Based on our preliminary review, we believe customer payment data were not compromised.”
“It’s unsettling to imaging the possible outcomes if the stolen data fell into the hands of any groups that are trying to affect political and economic stability. Misleading PR statements on behalf of major companies could disrupt stock markets, injure a company’s reputation, and affect consumers,” said Alex Holden, chief information security officer at Hold Security LLC, who assisted Krebs in his investigation.
Read More Here…