Adobe security breach, hackers steal 2.9M accounts and source code

Adobe reveals that customer data was stolen in a security breach: hackers accessed sensitive information for 2.9 million users and the source code of many products.

Adobe Systems Inc has warned that customer data was stolen in a security breach. According to an official advisory, 2.9 million customers might have had their information stolen due to a cyber attack that hit the company’s website.

Stolen information includes sensitive data such as customer names, encrypted credit or debit card numbers, and expiration dates. Adobe said it believes that the attackers did not remove decrypted debit or credit card information.

“Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products.” “Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred,” the company reports in a statement on its website.

As expected under incident response procedure, Adobe is resetting passwords for the customer accounts involved in the security breach; affected customers will also receive an email alerting them and inviting them to change their password.

Victims are strongly advised to also change their password on every other web service they access with the same credentials. Unfortunately, the bad habit of sharing credentials across multiple portals is widespread, and in cases such as this it could trigger a domino effect in which the attackers compromise many other services used by Adobe customers.

There is another shocking aspect of the attack: Adobe revealed that the source code of numerous Adobe products may have been compromised.

The famous investigator and blogger Brian Krebs first became aware of the source code leak roughly one week ago when, working in conjunction with fellow researcher Alex Holden, CISO of Hold Security LLC, he discovered 40 GB of source code on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll. The server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat, so Krebs decided to share several screenshots of the repositories with Adobe.

“Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.”

“We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.”

The consequences could be very dangerous: with knowledge of the source code of Adobe products, the attackers could develop zero-day exploits for use in further large-scale attacks.

“We are in the early days of what we expect will be an extremely long and thorough response to this incident,” “We’re still at the brainstorming phase to come up with ways to provide higher level of assurance for the integrity of our products, and that’s going to be a key part of our response,” “We are looking at malware analysis and exploring the different digital assets we have. Right now the investigation is really into the trail of breadcrumbs of where the bad guys touched,” said Adobe’s Chief Security Officer Brad Arkin.

The company has notified law enforcement officials of the security breach and is supporting the investigation into the identity of the hackers. The security breach did not happen suddenly: as Adobe itself confirmed in its release, hacker activity had intensified in recent months, and countless attacks had struck the company’s systems unsuccessfully.

While the investigation into the security breach is ongoing, Adobe says it will release critical security updates next Tuesday for Adobe Acrobat and Adobe Reader. Hopefully this is not the beginning of a series of dangerous security breaches caused by the exploitation of vulnerabilities in Adobe products.

Pierluigi Paganini

(Security Affairs –  Adobe, security breach)

 
