Adobe has been hacked. The company says it’s the victim of a sophisticated cyberattack as a result of which information relating to 2.9 million customers and source code have been stolen.
Brad Arkin, Adobe’s chief security officer, explains that the cybercriminals have accessed customer IDs, encrypted passwords, names, encrypted payment card data, expiration dates, and information on orders.
The company has started notifying customers whose credit or debit card information was compromised. Adobe has also contacted the financial institutions that process their payments in an effort to prevent any misuse.
Law enforcement has been called in and an investigation has been launched. Finally, customer passwords are being reset to prevent unauthorized access to Adobe ID accounts.
In addition to customer information, Adobe also says the attackers stole source code for products such as Acrobat, ColdFusion, ColdFusion Builder and others.
“Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident,” Atkin noted.
“We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide,” he added.
The source code stolen by the hackers was discovered by Brian Krebs and Alex Holden of Hold Security LLC. They stumbled upon 40 Gb of source code on a server used by the cybercrooks who stole data from major US data brokers.
Adobe has told Krebs that the hackers accessed one of the company’s source code repositories sometime in mid-August 2013.
Adobe has published a FAQ page, along with instructions on how to reset passwords. As always, users who have been utilizing the same username and password combination for other accounts are advised to change the password for those accounts as well.