Adobe: Cyber attackers removed personal info from 2.9 million customers

Adobe has become the latest large tech company to be hit by a cyber attack. Today, the maker of such products as Flash and Adobe Reader has revealed that its digital security team found that "sophisticated attacks on our network" has resulted in a ton of personal information being removed from their servers, along with the source code for many of Adobe's software products, including Adobe Acrobat, ColdFusion, ColdFusion Builder and others.

The blog post stated:

Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders.

The company is now going to reset all customer passwords and will be sending emails to the people who are affected with instructions on how to change their password. If a customer's credit or debit card information was taken, Adobe is offering a one-year complimentary credit monitoring membership. At this time, Adobe does not believe the attack took any decrypted credit or debit card numbers.

As far as the source code theft, Adobe indicated in a separate blog post that there should not be any increased risk to the customers who uses these products.

Source: Adobe | Image via Adobe

Report a problem with article
Previous Story

Microsoft offers more info on how Outlook.com works with Mail app in Windows 8.1

Next Story

MakerBot CEO talks about 3D printing support in Windows 8.1 in new video

29 Comments

Commenting is disabled on this article.

Whew... Close call! Thankfully, I registered my products under this name:

Hamburgler Grimace
Happyguy@aol.com
666 McDonalds road
Antartica, CA 12345


not believe the attack took any decrypted credit or debit card numbers.

Hmm so does this mean they store some details unencrypted??

Great thing the "Creative Cloud". Loose all your work. They can keep their stupid cloud and subscription services. I never trusted the public "cloud" and never will.

Squuiid said,
Adobe: Put all your files on Adobe's Creative Cloud.... oh, wait!

What does this have to do with customer data being stolen from Adobe Servers?

Geezy said,
Get ready for a bunch of 0-day exploits on flash and reader...

On a positive note, at least the Gimp will get a boost...

I just feel sorry for the NSA, I'm sure people will find the watermarks in the images that adobe secretly add to every image /s

Geezy said,
Get ready for a bunch of 0-day exploits on flash and reader...

Unfortunately I think that's going to be the most impactful outcome of this.

sagum said,

On a positive note, at least the Gimp will get a boost...

I just feel sorry for the NSA, I'm sure people will find the watermarks in the images that adobe secretly add to every image /s

How will a toy like gimp get a boost?

Looking forward to all the Adobe reader and flash 0 days that will be coming from this. More reason to get off the Wintel bandwagon.

recursive said,
More reason to get off the Wintel bandwagon.

How so, when Reader and Flash are available for other operating systems too?

recursive said,
Looking forward to all the Adobe reader and flash 0 days that will be coming from this. More reason to get off the Wintel bandwagon.

how is that related to windows and Intel?

any platform is vulnerable to browser and document viewer flaws. Of course, most popular platforms are exploited much more often.

since android/ios/linux are rarely used for enterprise productivity, malwares are less frequent, but not inexistent! (remember the flaw in iOS that allowed to run malicious code as root just by visiting a website?)

recursive said,
Looking forward to all the Adobe reader and flash 0 days that will be coming from this. More reason to get off the Wintel bandwagon.

You mean jump on the OSXtel bandwagon then with the same Adobe applications and plugins as Windows?

What about ColdFusion? That's used all over the place!


Wait, I forgot. We can party like it's 1999, but that doesn't mean it's still 1999.

I just don't get these companies

There's a PC in my house which is unable to be hacked by any hacker. Even the worlds best computer minds are unable to hack my system. You know why? it's not connected to the Internet! sometimes the simple solution is the best

You know apples imessage system? I know for a fact that can be hacked so anyone can read anyone elses imessages. I've seen it being done, and the solution is far easier than I ever could have imagined.

glen8 said,
I just don't get these companies

There's a PC in my house which is unable to be hacked by any hacker. Even the worlds best computer minds are unable to hack my system. You know why? it's not connected to the Internet! sometimes the simple solution is the best

You know apples imessage system? I know for a fact that can be hacked so anyone can read anyone elses imessages. I've seen it being done, and the solution is far easier than I ever could have imagined.

You'd think that'd be the case. However, just because a machine is not connected to a network doesn't mean it's not vulnerable from attacks.

For example, say Adobe were inclined to store all their source code on 1 machine, and that machine had no network connections to it and the only way to get source code to and from it was via CD/DVDr/Tape backups.
I can tell you know, that it'd be every so easy to social engineer their customer support desk and tell a sob story such as "I'm working on the new Flash plugin and my workstation just went down, as you know we're not allowed network connections in, can you fedex me one over ASAP." Of course it'd take a bit more then that, but if you put in the effort you could win a free disk sent to you. Or even, the admin's boss's machine gets hi-jacked, fake emails are sent out to the admin in charge of backups, along with emails to fedex with new drops setup to the new off site archive center. Chances are it'll be already setup and sent by the time the boss reads the admin's weekly report.

As for your own situation, depending on how bad I wanted your data. There are a number of things I could do, ranging from spoofing your wifi and injecting adverts and news articles onto your facebook stream, bbc/cnn news sites etc offering free upgrades on a government program, with free data migration. Or even get the local print studio do some flyers and setup a phoney flyers to offer free migration of data with a free upgrade machine for every system you have.
Worst still, I could setup a raid of your home with police and data security teams and use your willingness to protest your innocence and of course trust in a uniform. It's easy to say you'd never fall for it, but people fall for the 'scam artist' all the time.

The only time a machine isn't vulnerable is when it's not been built. Even unplugged, and buried 6ft under isn't safe.


I can just imagine Adobe's own network being hacked due to a Flash or PDF vulnerability

You can further protect your source code by using variable names like "the_thing" and "some_thing_42" and class names like "__bunch_of_things_33_jacksux_45"

Spicoli said,
That's not very practical though in the age of developers and partners being all over the world.

Sure it is. It can be on internal servers and yet still accessible by employees with VPN.

TCLN Ryster said,

Sure it is. It can be on internal servers and yet still accessible by employees with VPN.

Giving tons of people access to your internal network is a bigger risk.