Hackers access millions of Adobe customers’ data
Security breach part of ‘sophisticated attack’ allowing access to encrypted passwords
Hackers also illegally took copies of the source code of some of Adobe’s widely used products Photograph: Jeremy Bales/Bloomberg News
Hackers infiltrated the computer system of the software company Adobe, gaining access to credit card information and other personal data from 2.9 million of its customers, the company acknowledged late yesterday.
The security breach, which Adobe called a part of a “sophisticated attack,” also allowed hackers to obtain encrypted passwords and other personal information from customers.
Hackers also illegally took copies of the source code of some of the company’s widely used products, which are run on personal computers and businesses servers around the world.
There was no indication that the attackers obtained unencrypted credit card numbers, Adobe said in a statement. As a precaution, however, the company said it had notified customers and credit card companies about the breach and reset customer passwords to prevent further unauthorised access.
“Cyberattacks are one of the unfortunate realities of doing business today,” Adobe’s chief security officer, Brad Arkin, wrote in a blog post Thursday. “Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyberattackers.”
The breach at Adobe is one of a recent spate of hacking episodes at prominent organizations. Already this year, hackers have infiltrated database aggregators like Lexis-Nexis and Dun & Bradstreet and the security firm Kroll Associates, as well as the National White Collar Crime Center, which helps businesses protect their computer systems.
Concerns about the security of data at Adobe were first raised last week, when a technology researcher and an independent journalist investigating the hacking episodes discovered copies of Adobe source code on a server that was believed to have been used in the previous attacks. Brian Krebs, the journalist, informed Adobe about his findings, and yesterday reported the hacking on his site, krebsonsecurity.com.
One of the products that had its source code stolen is ColdFusion, which, according to Adobe, is used by the US Senate, 75 of the Fortune 100 companies and more than 10,000 other companies worldwide. Adobe security officials said they were not aware of any specific risks to customers. But because the source code contains the DNA of the software program, computer experts said it could allow hackers to find and exploit any other potential weaknesses in its security.