Skip to main content

Security Alert: Adobe Compromise

October 04, 2013

Adobe Inc. posted a public disclosure on October 3, 2013, that they had been compromised by sophisticated attackers and that customer information along with source code for numerous Adobe products had been exposed.

Adobe's Announcement

The public announcement came after security researchers Alex Holden and Brian Krebs initially identified exposed code from Adobe and contacted the organization. Mr. Krebs discloses that responses to the communications include identification that Adobe has been investigating a breach into its network since mid-September 2013.

Customer Information

The number of customers currently identified is approximately 2.9 million with potential exposure of customer name, encrypted credit/debit card numbers, expiration dates and other information related to customer orders.

Adobe is reaching out to customers that have been identified as being impacted - those with credit/debit information exposed - and offering the option of enrolling in a one-year, complimentary credit monitoring membership (where available). Adobe is also resetting relevant customer passwords and notifying impacted customers via email. An additional recommendation made by Adobe is to reset any online account that may use the same user ID and password.

FishNet Security recommends that all customers review their account credentials and information along with modifying their password for the Adobe website. If you use the same password at any other website, it is recommended that those passwords be modified as well with different passwords being used for each location.

Additionally, all customers should review charges to their credit/debit cards on a regular basis. Many credit/debit card providers include the ability to actively monitor cards and send basic transaction information to a contact. This solution is recommended for personal cards that may have been used on the Adobe website.

Source Code

Adobe has addressed the unauthorized access to source code for multiple products in the following release:

Adobe's Announcement on Source Code Access

While Adobe is down-playing the potential for malicious actions that may result from the exposure of the source code, the potential of new vulnerabilities being identified could be potentially high based on what source code was exactly exposed.

Adobe does have planned security updates for October 8, 2013. It is recommended that organizations include these updates within their standard patching programs, and that organizations monitor Adobe’s Security Bulletins and Advisory website on a regular basis for any emergency patches that may be triggered based on the reported events or other malicious activities. Organizations should also monitor their environment for uncommon connections and invalid Adobe Update executables.

Related Blogs

March 05, 2015

Why do they call it DLP?

I always have to ask myself every time I hear the acronym “DLP.” Why do they call it that? There is no “prevention” in most DLP. It should be called D...

See Details

February 05, 2015

GHOST Vulnerability Puts Linux Systems at Risk | Optiv

A critical security vulnerability in the GNU C library, CVE-2015-0235 (a.k.a. “GHOST”), was reported on January 27, 2015. Many Linux systems are vulne...

See Details

January 15, 2015

DDoS Attacks Are Seldom What They Seem

In performing incident response over the years, I have frequently been pulled into DDoS incidents. These calls don’t come in every day, but they are p...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

RELATED INSIGHTS

May 29, 2012

What is DLP (Data Loss Prevention)?

As a Certified Information Systems Security Professional (CISSP) and Payment Card Industry (PCI) Qualified Security Assessor (QSA), I frequently run i...

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

June 16, 2016

Cloud Security Services

Movement to the cloud is a necessity for organizations. Learn how Optiv’s comprehensive suite of cloud solutions can help you get there securely.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.