In what Adobe Systems, Inc. (ADBE) called a “sophisticated attack,” hackers tapped the software company’s system, gaining access to credit card and other personal information as well as IDs and encrypted passwords for nearly three million customers. The cyberthieves also snagged source code for some of Adobe’s popular products, including Acrobat and ColdFusion (used by the US Senate and nearly all Fortune 100 companies).
Adobe said it doesn’t believe that the hackers got any decrypted credit or debit card information.
“Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers,” Adobe’s chief security officer Brad Arkin wrote on Thursday in a blog post.
Adobe is currently contacting customers that were affected and changing relevant passwords, while advising that customers go to other websites where they may have used the same ID and password and make changes there as well. Customers whose data was hacked are being contacted via email from Adobe, so if you think you may have been part of the activity, keep an eye on your inbox.
As an Adobe customer, I received an email, which was as follows:
Important Customer Security Alert
We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. We currently have no indication that there has been unauthorized activity on your account. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. We do not believe any decrypted card numbers were removed from our systems.
To prevent unauthorized access to your account, we have reset your password. Please visit www.adobe.com/go/passwordreset to create a new password. We recommend that you also change your password on any website where you use the same user ID or password. As always, please be cautious when responding to any email seeking your personal information.
We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.
We deeply regret any inconvenience this may cause you. We value the trust of our customers and we will work aggressively to prevent these types of events from occurring in the future. If you have questions, you can learn more by visiting our Customer Alert page, which you will find here.
Adobe Customer Care
Security blogger Brian Krebs of KrebsOnSecurity.com first reported on the security breach. Krebs said that he first became aware of the source code leak a week ago when a collaborative effort with Hold Security chief information security officer Alex Holden uncovered a “massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll.”
After submitting the information to Adobe, Krebs was told that Adobe had been investigating a breach since Sept. 17. Adobe has said that based on their findings to date, they are not aware of any specific increased risk to customers as a result of the attack.
From a stock perspective, shares of ADBE dropped 1.2 percent in Thursday trading to close at $50.88.