Adobe Systems compromised, loss of customer data and source code
Thursday, October 03 2013 @ 08:52 PM CDT
Public Notification of information compromise at Adobe Systems
Adobe has publicly acknowledged a compromise of its internal systems in which the information of roughly 3 million Adobe Systems customers was breached, including customer names and detailed account information (including payment card information).
As with any breach of this nature, Adobe customers should be aware that their information may be compromised and should take steps to defend themselves against misuse of the stolen data (e.g. spear phishing, fraudulent use of their credit information). According to its public statements, Adobe is taking proactive measures to contact customers that have been compromised (again, watch for phishing; opportunists are always looking for angles to grab your information).
Apparently this breach is related to the group behind the LexisNexis, D&B and Kroll breach that Brian Krebs reported on last month. Krebs also has more information on his site about the Adobe Systems compromise. Adobe, however, should be commended for being transparent about the event.
The following statements about the breach, provided by Brad Arkin, Adobe's Chief Security Officer, appear on Adobe's site.
We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.
As a precaution, we are resetting relevant customer passwords to help prevent unauthorized access to Adobe ID accounts. If your user ID and password were involved, you will receive an email notification from us with information on how to change your password. We also recommend that you change your passwords on any website where you may have used the same user ID and password.
We are in the process of notifying customers whose credit or debit card information we believe to be involved in the incident. If your information was involved, you will receive a notification letter from us with additional information on steps you can take to help protect yourself against potential misuse of personal information about you. Adobe is also offering customers, whose credit or debit card information was involved, the option of enrolling in a one-year complimentary credit monitoring membership where available.
We have notified the banks processing customer payments for Adobe, so that they can work with the payment card companies and card-issuing banks to help protect customers’ accounts.