Adobe says customer data stolen by hackers
Boston, October 4, 2013
Adobe Systems said on Thursday that hackers had stolen source code to some of its most popular software and data about millions of its customers.
Security experts worry about the theft of source code because close review of the programs can lead to the discovery of new flaws that can be used to launch hard-to-detect attacks against all users of that software.
The hackers took source code for Adobe Acrobat, which is used to create electronic documents in the PDF format, as well as ColdFusion and ColdFusion Builder, used to create Internet applications, Adobe said.
Adobe Chief Security Officer Brad Arkin said the company had been investigating the breach since its discovery two weeks ago and that it had no evidence of any attacks based on the theft. "Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident," Arkin wrote on an Adobe blog.
Arkin said hackers also took information on 2.9 million Adobe customers, including their names, user identification numbers and encrypted passwords and payment card numbers. He said the attacks may be related.
The company said it was resetting passwords for affected customers worldwide and warning people to change any passwords reused at other sites. The U.S. Department of Homeland Security's computer incident response team on Thursday warned that Adobe customers should be on the alert for fraud.
Adobe said it was working with banks and federal law enforcement to mitigate intrusions on customer accounts and to pursue those responsible.
The company said it had been helped by cybersecurity journalist Brian Krebs and security expert Alex Holden, who found a cache of Adobe code while probing attacks at three major U.S. data providers.
Krebs wrote on his blog, KrebsonSecurity.com, on Thursday that the two men discovered the code while investigating breaches at Dun & Bradstreet Corp, Altegrity Inc's Kroll Background America Inc and Reed Elsevier's LexisNexis Inc.
He said the Adobe code was on a server that he believed was used by those who hacked into LexisNexis and the others. The hackers offered Social Security numbers, credit report information and other highly sensitive data for sale over the Internet and had access inside the companies' websites through hacked computers, Krebs said.
In a 10-Q filing on Thursday, Adobe referred to the recent attacks in one paragraph. "We do not believe that the attacks will have a material adverse impact on our business or financial results," it said. "It is possible, nevertheless, that this incident could have various adverse effects." – Reuters
More IT & Telecommunications Stories
- LTE leaders to tackle regional challenges in Dubai
- Batelco 'SMS Challenge' back with big cash prizes
- 7 win Etisalat million reward points
- Redington to distribute Oracle solutions in Mideast
- Etisalat's Egypt unit eyes stock listing
- Schneider enhances PowerChute with virtualization support
- Batelco shines at Dubai telecom show
- Zain warns over service disruptions
- EIAST signs Dubai Sat-2 deal
- Etisalat unveils cloud solution for businesses
- 'Smart' innovations for cities to be showcased
- TRA Bahrain launches new website
- Omantel share sale subscribed 1.99 times
- Virgin Mobile to launch Saudi service by June
- Cisco launches new platform for telecom operators
- Bit9 appoints new regional director
- Menatelecom launches new 4G offer
- Batelco unveils new business broadband package
- Mobily seals Bharti Airtel partnership deal
- VIVA launches exclusive rewards program
- US govt to shed control of net addresses
- Etisalat sets ultimatum for SIM card registration
- Acer targets double digit growth in Saudi
- UAE mobile radiation levels below global standards
- Arpu's T-Pay gateway draws top game vendors
- SAP unveils new cloud platform
- Zain launches smartphone insurance
- Windows XP users warned on usage risks
- Tecom units welcome 181 new companies
- Ooredoo chairman joins WB gender equality council