Locks and Security News: your weekly locks and security industry newsletter
19th June 2019 Issue no. 462
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Nearly 3 million in Adobe security breach
US software giant Adobe said on Thursday it had suffered a security breach affecting almost three millions accounts. "Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," Adobe chief security officer Brad Arkin said on the company's website.
"We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders."
Arkin added that at the present time it doesn't believe the hackers took any decrypted credit or debit card numbers from its systems.
The company is in the process of resetting passwords of those accounts it believes are affected by the security breach and is sending out email notifications explaining how these customers can then change their password to one of their choosing.
"We also recommend that you change your passwords on any website where you may have used the same user ID and password," Arkin said.
He added that it was also contacting customers whose credit or debit card information may have been stolen in the incident with advice on steps to take to protect against possible misuse of the data.
"Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available," he said.
In another measure to protect customer accounts, the chief security officer explained that it was contacting banks processing customer payments for Adobe to warn them of the situation.
Arkin said that such data breaches "are one of the unfortunate realities of doing business today" and said the company "deeply regretted" that the incident had occurred.
In another headache for Adobe, Arkin said his team was also looking into the illegal access of source code for a number of its products, including Adobe Acrobat, ColdFusion, ColdFusion Builder.
"We are not aware of any zero-day exploits targeting any Adobe products," Arkin said. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products."
Although Adobe says it will be contacting customers it believes have been affected by the attack, for peace of mind Adobe customers may want to change their password anyway.
9th October 2013