Adobe says customer data stolen by hackers
Boston, October 4, 2013
Adobe Systems said on Thursday that hackers had stolen source code to some of its most popular software and data about millions of its customers.
Security experts worry about the theft of source code because close review of the programs can lead to the discovery of new flaws that can be used to launch hard-to-detect attacks against all users of that software.
The hackers took source code for Adobe Acrobat, which is used to create electronic documents in the PDF format, as well as ColdFusion and ColdFusion Builder, used to create Internet applications, Adobe said.
Adobe Chief Security Officer Brad Arkin said the company had been investigating the breach since its discovery two weeks ago and that it had no evidence of any attacks based on the theft. "Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident," Arkin wrote on an Adobe blog.
Arkin said hackers also took information on 2.9 million Adobe customers, including their names, user identification numbers and encrypted passwords and payment card numbers. He said the attacks may be related.
The company said it was resetting passwords for affected customers worldwide and warning people to change any passwords reused at other sites. The U.S. Department of Homeland Security's computer incident response team on Thursday warned that Adobe customers should be on the alert for fraud.
Adobe said it was working with banks and federal law enforcement to mitigate intrusions on customer accounts and to pursue those responsible.
The company said it had been helped by cybersecurity journalist Brian Krebs and security expert Alex Holden, who found a cache of Adobe code while probing attacks at three major U.S. data providers.
Krebs wrote on his blog, KrebsonSecurity.com, on Thursday that the two men discovered the code while investigating breaches at Dun & Bradstreet Corp, Altegrity Inc's Kroll Background America Inc and Reed Elsevier's LexisNexis Inc.
He said the Adobe code was on a server that he believed was used by those who hacked into LexisNexis and the others. The hackers offered Social Security numbers, credit report information and other highly sensitive data for sale over the Internet and had access inside the companies' websites through hacked computers, Krebs said.
In a 10-Q filing on Thursday, Adobe referred to the recent attacks in one paragraph. "We do not believe that the attacks will have a material adverse impact on our business or financial results," it said. "It is possible, nevertheless, that this incident could have various adverse effects." – Reuters
More IT & Telecommunications Stories
- Kuwait moves to create telecoms watchdog
- Batelco backs Royal Fund for Martyrs
- Egypt's Global Telecom posts $749m Q4 loss
- Red Hat launches open source BPM suite
- Batelco announces new board
- Batelco offers improved broadband
- You don't own phone numbers, warns TRA
- Tech giants back top Qatar ICT event
- Du to provide wifi access in public areas
- Zain finalises $800m, five-year loan facility
- Ooredoo Q4 net profit falls 36pc to $140m
- Mobily, Etisalat team up for LTE roaming
- Batelco approves $84m dividends for 2013
- Etisalat Q4 profit rises 70pc to $394m
- Kenya telecom firm to join Etisalat SmartHub
- Aruba appoints new sales director
- Du enters $1.17 billion financing deals
- VIVA extends 4G LTE offer
- Batelco to update students with latest technologies
- Etisalat SmartHub seals IPX agreement
- Etisalat picks Alcatel for LTE network expansion
- Boeing, QCRI host machine learning forum
- Mobily provides 4G LTE international roaming
- Viva Kuwait, Huawei to set up innovation centre
- Etisalat, Airtel deal to boost network services
- Batelco offers 4G LTE backup solution
- Arbor unveils ‘Peakflow’ solution
- Etisalat launches enterprise mobility services
- STC launches advanced 4G network
- Dubai to host ITU global summit