Adobe breach far bigger than thought – 38 million records, Photoshop code leaked in attackRich
Adobe has admitted around 38 million active users may have had IDs and encrypted passwords accessed by unknown attackers in a breach earlier this year.
Previously, it had been estimated that around three million users had data accessed, but a new report by Brian Krebs of KrebsonSecurity revealed the true scale of the breach may have been far larger than thought – and that source code for software such as Photoshop may also have leaked.
ESET Researcher Stephen Cobb described the breach as “unprecedented” at the time, due to the fact that attackers also appeared to have accessed source code for Adobe’s Acrobat software.
Krebs says, “It also appears that the already massive source code leak at Adobe is broadening to include the company’s Photoshop family of graphical design products.”
The company now admits that “numerous” products were affected by the breach.
“Our investigation to date indicates that a portion of Photoshop source code was accessed by the attackers as part of the incident Adobe publicly disclosed on Oct. 3,” Edell wrote. The company’s ColdFusion web application platform may also have been accessed.
ESET researcher Stephen Cobb says, “Access to the source code could be a major asset for cybercriminals looking to target computing platforms such as Windows or mobile operating systems such as Android.”
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” said Adobe spokeswoman Heather Edelll.
“We have completed e-mail notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident — regardless of whether those users are active or not.”
Other leaked information also included encrypted credit or debit card numbers along with expiry dates, and “other information related to customer orders,” according to The Next Web.
Adobe has sent emails to users whose credit card details may have been leaked, according to CNET. The company has also created a page for customers potentially affected by the breach, explaining the risks, and how to change their passwords.
“Adobe’s security team recently discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products,”” the company says. “ We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident.”
Author Rob Waugh, We Live Security
CED Solutions is a Cisco Learning Partner, Microsoft Gold Learning Partner and the #1 location for Microsoft Certifications in North America. CED Solutions is a Platinum CompTIA Partner and is one of the largest providers of training in North America. The Atlanta facility provides IT training for up to 490 students per day, with three buildings dedicated to training. CED Solutions provides training for up to 10,000 students per year and students take up to 800 certification exams every two weeks.
CED Solutions provides training and certification for Cisco CCNA; Cisco CCNP; Cisco CCNA Security; Cisco CCNP Security; Cisco CCNA Voice; Cisco CCNP Voice; Microsoft MCSA: Windows 2012 Server; MCSA: Windows 2008 Server; MCSA: SQL 2012 Server; MCSE: Business Intelligence SQL 2012 Server; MCSE: Data Platform SQL 2012 Server; MCSE: Desktop Infrastructure Windows 2012 Server; MCSE: Server Infrastructure Windows 2012 Server; MCPD: 6 Cert Visual Studio Developer; MCSD: Windows Store Apps C#; MCSD: Windows Store Apps HTML5; IT Healthcare Technician and many more.