Adobe Data Breach

October 04, 2013

On October 3, 2013, Adobe announced that it had been a victim of a cyber attack that resulted in a data breach. This breach resulted in attacker(s) gaining access to the detailed customer information as listed below.

• Customer Names
• Encrypted credit or debit card numbers
• Expiration dates
• Other information relating to orders

Adobe also acknowledged that the attacker(s) have gained access to the source code for Adobe Acrobat, ColdFusion, and ColdFusion Builder, however, Adobe is not aware of any Zero day vulnerabilities in any of these products.

Adobe will be reaching out to all customers who have been affected by this breach informing them to change their passwords, as well as providing additional guidance to help safeguard against potential misuse of the compromised data if their credit or debit card numbers were part of the breach.

Recommendations:

We recommend the following actions:

• Change passwords for all Adobe accounts.
• Monitor financial accounts that are used for purchasing Adobe products for fraudulent activity (ProCard & personal).
• Make sure Adobe Acrobat, ColdFusion, and ColdFusion Builder software is running supported versions, and apply all available security updates after appropriate testing.

References:

Adobe:

• http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html
• http://blogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-code.html
• http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html?promoid=KHQGF

Source:

Multi-State Information Sharing & Analysis Center, Cyber Alert