Adobe has suffered a massive cyber-attack, in which not only the source code of many Adobe products has stolen, but also the sensitive information of 2.9 million customers including usernames and encrypted passwords have been compromised.
Hackers broke into its system – probably in mid-September – to have the access of particularly sensitive information. Adobe’s security team discovered suspicious activity during regular security monitoring and found this catastrophe. All user data is “fortunately” encrypted, but encryption can be broken, and then made readable data.
After Adobe Systems, the next target is Yahoo.
It’s one of the major attacks on any company as hackers have accessed the source code of Adobe products particularly Adobe Acrobat, ColdFusion and ColdFusion Builder. Adobe products are installed on millions of systems and since the code is out, it greatly facilitate the task to find critical flaws in the products.
“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates and other information relating to customer orders,” said Adobe’s Chief Security Officer, Brad Arkin.
Internal sources familiar with the situation have revealed to Inferse that the security team put on high-alert. And, an email has been circulated in the Adobe house citing almost all products source code leaked, and a total of 40GB data has stolen. It’s also confirmed by Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer, Hold Security LLC. who confirmed this incident. Besides, the Adobe Customer Care team is helping the impacted customers and filling Adobe Security Incident Response Form.
Based on the current investigation to date, Adobe hasn’t reported any specific increased risk to customers as a result of this incident, but thanked Brian Krebs for their help. Meanwhile, it’s being reported that an Egyptian Hacker named ViruS_HimA is behind this fiasco. He claims to have data, like Firstname, Lastname, Title, Phone, Email, Company, Username, Password hash, of users including Adobe Employees, US military, Google and other companies.
His intention was to bring the Company attention to the vulnerability of their security team and for the same reason his next target is Yahoo. Hima said “Don’t be like Microsoft, Yahoo security teams!! But be like Google security team.”
Now, the San Jose-based Company is trying to move the data to a secure server and resetting the user’s password to prevent unauthorized access to Adobe ID accounts. Now, the Adobe team is sending alert to customers whose credit or debit card information is compromised along with notifying banks processing customer payments for Adobe.