Adobe has issued a communication to all of its customers this morning that it has sustained an attack to its network and its system has been breached. As a consequence, anyone who has conducted a transaction with Adobe has potentially had their name, encrypted payment card number, and card expiration date accessed by the attackers, although the number of affected customers has been placed at 2.9 million by Adobe’s Chief Security Officer, Brad Arkin. Adobe does not believe that any decrypted card numbers were removed from their systems.
The recommendation is for all Adobe customers to change their account passwords, which you can do by following this link, and to change the passwords of any accounts that might share your original Adobe password or ID. You should also keep a close eye on your bank transactions, be alert for any unusual payments, and to notify your bank if you spot anything untoward.
In addition to customer data, proprietary sourcecode for the ColdFusion web application and Acrobat programmes were filched. This has the potential to open up millions of users to security breaches, if the hackers can capitalise on any security holes or bugs in the code. Just think how many people use Acrobat.
The breach was spotted by Brian Krebs of Krebson Security; he has asserted that the hackers responsible were also behind the LexisNexis hack and it probably commenced at some time in mid-August.
Keep alert, people, and please remember to practise proper password security.
(Most information came direct from Adobe, some additional details from Ars Technica)