Tel: +44 (0) 330 380 1094

The Adobe Hack & Why I Think It Happened

October 4, 2013 Chris Fairey

On October 3rd 2013 Adobe (the world's largest supplier of software and services for the design and media industries) discovered unauthorised access had been made to their systems, leading to the compromise of some 2.9 million user accounts (including encrypted credit/debit card details) and the source code for their web application server - Cold Fusion.

Update 04/10/2013 19:54: Adobe also believes that the source code to Acrobat (the tool used to produce and read PDF files) may have been compromised - this could have serious repercussions should anyone use it to distribute malicious, but official-looking updates to the millions of computers that run Acrobat world-wide.

Adobe's Advice to Affected Users (including us!)

As a precaution, Adobe has already changed the passwords for all the affected user accounts, and has sent an e-mail to those users affected instructing them to change their Adobe Account password (and on any other accounts where they may have used the same password).

In addition, they are recommending that affected users monitor their bank statements for any unusual activity (just in case the attackers manage to decrypt the stolen card details), and they have already alerted their payment processing organisations, who are now in talks with banks worldwide to resolve any issues.

What The Attackers Have Access To

As Adobe has reset the passwords of affected users, the attackers won't be able to get into your Adobe Account any more (how many they managed to crack and use before Adobe changed them, is unknown at this point).

If they do indeed have the source code for Cold Fusion, then they are capable of finding any unknown security vulnerabilities present in the Cold Fusion server software - if you use Cold Fusion, this could mean your applications/web sites are at greater risk.

And lastly, should they succeed in decrypting the stolen card details, they will of course have the ability to conduct fraudulent transactions using the cards they have the details for.

Why a Subscription-based Service Makes the Perfect Target

In switching to a subscription-based business model, Adobe made themselves the perfect target for individuals who want a steady stream of active credit card numbers with which to commit fraud, the reason why is quite simple:

In order to sign up to Adobe Creative Cloud, a user must supply Adobe with current credit card details to enable them to take the monthly subscription fee. This is in stark contrast to an organisation that sells products that the purchaser owns once they've bought them - where a large number of the card details may well be out-of-date, especially if (as was often the case with Adobe) people only bought the occasional product, due to cost.

What is Adobe Doing About It?

Adobe says they are currently working with law enforcement agencies to track down the people responsible for the attack, and they are also prepared to offer Identity Theft insurance to any customer affected.

As for what they are doing to make sure it doesn't happen again - details are scarce at the moment, but I'm sure a complete analysis of the attack (which will tell them several key things about how it was done) will enable them to vastly improve security.

More Information

If you use Adobe products and have been affected by this security incident, you should already have an e-mail from Adobe informing you of the incident and the steps you need to take to reset your password (we got ours this morning).

That e-mail will contain a link to the security incident FAQ page, where they have provided detailed answers to some common questions you will probably have right now.

Leave a Reply

Your email address will not be published. Required fields are marked *

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram