"Adobe also revealed that it was investigating the "illegal access" of source code for numerous products..."
"But Chester Wisniewski, senior adviser at internet security company Sophos, told the BBC: "Access to the source code could be very serious. Billions of computers around the world use Adobe software, so if hackers manage to embed malicious code in official-looking software updates they could potentially take control of millions of machines..."
"Adobe said it had been helped in its investigation by internet security journalist Brian Krebs and security expert Alex Holden. The two discovered a 40GB cache of Adobe source code while investigating attacks on three US data providers, Dun & Bradstreet, Kroll Background America, and LexisNexis."
This was included in the Adobe confirmation that 2.9 million customers have had private information stolen during a "sophisticated" cyber attack on its website.
Adobe's security team recently discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident. Read the FAQ.
8 Things We Know So Far About Adobe’s Customer Data Breach
Hello again friends, welcome back to the show that never ends: another massive corporate data raid, millions more user accounts and login credentials and payment details potentially compromised, and top secret source code on the loose.
Adobe Gets Hacked, Product Source Code And Data For 2.9M Customers Likely Accessed
Uh oh — Adobe has just disclosed that one of their servers has been hacked.
While their investigations are still ongoing, Adobe has shared a few details on what they believe could have been accessed and obtained in the hack — and it’s a big one.
From what Adobe has shared so far, it sounds like the hackers had access to encrypted data for as many as 2.9 million customers. While Adobe stresses that the data is encrypted and that they “do not believe the attackers removed decrypted credit or debit card numbers”, that data — encrypted or not — is definitely not something they want out in the wild.
Computer type PC/Desktop System Manufacturer/Model Number Hewlett-Packard/G62-107SA Notebook OS Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1 CPU Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Motherboard Hewlett-Packard 1425 Memory 8 GB DDR3 Graphics Card Intel(R) HD Graphics Sound Card Realtek High Definition Audio Monitor(s) Displays Builtin Screen Resolution 1366 x 768 x 32 bits (4294967296 colors) @ 60 Hz
Mouse Microsoft Bluetooth Notebook Mouse 5000 Hard Drives 250 GB SATA Hard Disk Drive 7200 rpm
2TB Seagate GoFlex USB 2 Drive
1TB Iomega Prestige USB 2 Drive
1.5TB Iomega Prestige USB 2 Drive (Samsung)
1TB Iomega NAS. Internet Speed 60 Mbs download 3 Mbs upload Antivirus Norton 360 Browser Chrome
One of the posters, on the ZDNet article about this incident, claimed:
Adobe and the researcher who broke the story said it was likely that the exploit was from Adobe running an *out of date* version of their own ColdFusion software with known vulnerabilities. *Face Palm*
Computer type PC/Desktop System Manufacturer/Model Number n/a OS Windows 7 Ultimate SP1 (64 bit), Windows XP SP3, Linux Mint 14 MATE (64 bit) CPU AMD Phenom II x6 1055T, 2.8 GHz Motherboard ASRock 880GMH-LE/USB3 Memory 8GB DDR3 1333 G-Skill Ares F3-1333C9D-8GAO (4GB x 2) Graphics Card ATI Radeon HD6450 Sound Card Realtek? Monitor(s) Displays Samsung S23B350 Screen Resolution 1920x1080
Mouse Wired Optical Case Tower Cooling 2x Antec TRICOOL 120mm Fans Hard Drives Western Digital 1 TB (SATA), Western Digital 1.5 TB (SATA), Western Digital 2 TB (SATA) Internet Speed DSL Antivirus Avast Browser Pale Moon (64 bit) Other Info Linux Mint 14 MATE (64 bit) replaced with Linux Mint 16 MATE (64 bit) - 2013-11-13
Ubuntu 10.04 (64 bit) replaced with Linux Mint 14 MATE (64 bit) - 2013-01-14
RAM & Graphics Card Upgraded - 2013-01-13
Monitor Upgraded - 2012-04-20
System Upgraded - 2011-05-21, 2010-07-14
HDD Upgraded - 2010-08-11, 2011-08-24