3 Million Users' Credentials Leaked In Adobe Hack

What Adobe calls a "very sophisticated" hack of its systems may have exposed customer information.

Adobe has posted an official blog alert saying that, thanks to the "unfortunate realities of doing business today," some 3 million customer accounts may have been compromised by a number of "sophisticated" hacking attacks.

Adobe believes 2.9 million accounts were involved, and that attackers gained access to customer IDs, encrypted passwords, real names, encrypted card numbers, encrypted expiration dates, and "other information relating to customer orders." Adobe says it doesn't believe the "attackers removed decrypted credit or debit card numbers" from its system, but that's a slightly confusing statement if the attackers simply copied the info. Adobe is recommending its customers take the usual precautions: changing login credentials, keeping an eye on finances. The company is contacting customers it believes may be involved, and it's even offering those whose card data may have been compromised a year of card monitoring protection for free.

In addition to the customer data breach, Adobe says hackers may have accessed protected proprietary code for some of its products. This indicates the scale of the attack was huge, and the hackers were fiercely looking to exploit the company's information systems. Many hack attempts on companies like this can compromise some aspects of a user's info, but in this case it seems the attackers were determined to gain access to a lot of separate pieces of data which could really affect people's lives. It's also worth remembering that recent stats say 63% of Americans are victims of various cybercrimes. Hacking is sadly just a crime of the times.

[Image: Flickr user Sammat Jain]

Add New Comment

1 Comments

  • Roman Gonzalez

    "Crime of the times" is an absolutely unacceptable response, I feel. There are plenty of basic things Adobe could be doing to protect user information, the least of which is two factor authentication so that even when information is stolen, it still can't be used. There are a lot of solutions out there: SMS based one time password solutions like Google Authenticator (btw these are typically in band solutions, where an out of band solution is needed), push notifications like PhoneFactor or Authy, or token based (Yubikey and RSA but I don't want to buy a token), but I get it -- no one's going to use it if it's difficult or cumbersome. It's why I don't use Google Authenticator. So Adobe actually needs to offer more solutions to its clients. As far as usability goes, I know Toopher has invisible authentication, so I can automate logins based on location, which is really freaking great since I don't have to take my phone out and enter a code. There's some other neat stuff coming up, and I'm skeptical about some of the biometrics, but clearly the info on Adobe can effect people's lives, so clearly the onus is on them. They can't just throw up their hands and say "crime of the times".

    I'm an active user of CS6 as a video/design guy in Austin. I'm also a security enthusiast.