13 Oct 2013

Adobe Creative Cloud data endangered due to stolen credentials

Posted by iwgcr

On October 3rd 2013 Adobe posted a security announcement stating that their security team had discovered an attack on Adobe’s network. The attack resulted in a loss of information of 2.9 million customers including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. Many of the affected customers were users of Revel and Adobe Creative Cloud. There was also an investigation of the illegal access to source code of numerous Adobe products.

The news was, however, shared with the Internet community several hours before Adobe’s official announcement by Brian Krebs of the Krebs on Security blog. Krebs said that the week before, he and fellow security researcher Alex Holden of Hold Security “discovered a massive 40GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet, and Kroll Background America.”

References:

http://www.pcmag.com/article2/0,2817,2425215,00.asp

http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html

http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/