Adobe security breach compromises 2.9M customer accounts, encrypted credit card data stolen

Posted in General Discussion, edited January 2014
Adobe on Thursday confirmed that malicious parties had compromised its networks and potentially gleaned credit card and other personal information from the accounts of nearly three million users.



The creative software company revealed the breach in a post to its official blog. Adobe's security team recently discovered a number of "sophisticated attacks" on its network, with some of those attacks targeting customer information and source code for several Adobe products.

In all, the attackers are believed to have stolen information on 2.9 million Adobe account holders. That data includes customer names, encrypted credit and debit card numbers, expiration dates, and other customer order information. Adobe does not believe that decrypted credit or debit card numbers were removed from the network.

Adobe has contacted federal law enforcement for help in the investigation and is resetting passwords for affected accounts in order to prevent further unauthorized access. Owners of affected Adobe ID accounts will receive an email notification from Adobe with information on how to change their passwords.

The company also recommends that account holders affected by the attack change their passwords on any website where they may have signed up with the same login credentials.

On its end, Adobe has spread news of the breach to banks that process its payments, and is coordinating with payment card companies and card-issuing institutions to help protect customers' accounts. In addition, the company is extending a free one-year credit monitoring membership to those customers whose information was compromised.

Comments

  • Reply 1 of 39
    mstone Posts: 11,510 member

    I love how when corporate sites get hacked they always say that the credit cards are encrypted so it should be fine. If the hackers were into your database they likely owned your whole server and surely would have found the encryption key. It is not like they are MD5 hashed because they need to decrypt them every time they show you the check out shopping cart page so you can use the card on record.

     

    On our e-commerce site we don't store any credit cards, not even the last four digits. The last four get emailed to the client but not saved. The full credit card goes to the merchant gateway and we never see it. I feel a lot safer not being responsible for the customers' credit cards. All these big sites like Amazon, Apple, Adobe want to keep the cards on file to make it easier for people to buy stuff but it comes at a risk.
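A check that a site making the claim in Reply 1 (no card data stored, the gateway holds the card) could run over its own stored records, as an added example that is not part of the original thread: it flags any field containing a 13 to 19 digit sequence that passes the Luhn checksum. The record layout, field names and sample values are constructed for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_pan(text: str) -> bool:
    """True if the text holds something that looks like a card number."""
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            return True
    return False


def scan_records(records):
    """Return (record id, field name) for every field holding a likely PAN."""
    findings = []
    for rec in records:
        for field, value in rec.items():
            if field != "id" and contains_pan(str(value)):
                findings.append((rec["id"], field))
    return findings


# Constructed sample rows (hypothetical schema). 4111 1111 1111 1111 is the
# widely published Visa test number, not a real card.
SAMPLE_ORDERS = [
    # Tokenized order: only the gateway's opaque reference is kept.
    {"id": "A-1001", "gateway_token": "tok_constructed_9f2c", "support_note": ""},
    # Card number pasted into a free-text field: stored despite the design.
    {"id": "A-1002", "gateway_token": "tok_constructed_77aa",
     "support_note": "customer read out 4111-1111-1111-1111, declined"},
    # 16-digit tracking number that fails Luhn: must not be flagged.
    {"id": "A-1003", "gateway_token": "tok_constructed_03bd",
     "support_note": "tracking 1234567890123456"},
]

if __name__ == "__main__":
    for rec_id, field in scan_records(SAMPLE_ORDERS):
        print(f"possible card number in record {rec_id}, field {field}")
```

A scan like this only sees cleartext; it says nothing about card numbers stored encrypted next to their key, which is the case the comment criticises.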

  • Reply 2 of 39
    apple ][ Posts: 8,360 member

    Glad that I'm not a customer.

     

    Besides Apple, bank accounts, stock brokers etc., I try not to keep any profiles with online retailers that store my credit card info.

     

    I do order a lot of things from the net, from a whole bunch of different sites, and I usually always check out as guest, it doesn't take long to do, and I feel safer, because I don't want to create a profile and I don't want my credit card info being stored. You simply can not trust most sites to keep your info secure.

     

    As a matter of fact, I just remembered that Amazon has one of my cards on file, so I just went there and deleted it, took less than 1 minute. I don't mind entering my CC details again next time I shop for something. And imagine having all of your personal and financial info stored and managed by the incompetent baboons in the govt? I am so damn glad that I do not have to sign up for any govt healthcare crap. I was just reading today how it might be a haven for hackers. And with the incompetent people working there, I do not doubt it for a second. They can't even manage a simple website.

  • Reply 3 of 39
    rcfa Posts: 746 member

    One more reason not to use Creative Cloud. If you buy software licenses, you buy them at random places, wherever you get the best discount at a time.

    With these stupid "software-as-service-which-isn't-really-a-service-but-we-market-it-as-service-anyway-because-we-make-more-money-that-way" scams that are more and more popular, all the customer data gets hoarded by a few major vendors, and they are magnificent targets, particularly in the case of companies like Adobe which don't know how to write decent code in the first place.

     

    (PS: No, deriving mathematical algorithms for image processing is not the same as knowing how to write decent code, Adobe knows the former, but not the latter).

  • Reply 4 of 39
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by rcfa View Post

     

    One more reason not to use Creative Cloud. If you buy software licenses, you buy them at random places, wherever you get the best discount at a time.


    So where did you buy that box of Final Cut Pro X or Aperture or iWork? Apple stores your card just like Adobe and they are not immune from being hacked either. Just last month the dev site was down for a couple weeks due to hacked user profiles which probably included credit card info. To address your rant on Adobe not knowing how to code, I'm sure you have built a billion dollar software enterprise which clearly legitimizes the validity of your remarks.

  • Reply 5 of 39
    apple ][ wrote: »
    I usually always check out as guest, it doesn't take long to do, and I feel safer, because I don't want to create a profile and I don't want my credit card info being stored. You simply can not trust most sites to keep your info secure.

    Guest accounts still create accounts. Even on big ecommerce platforms like magento. Unfortunately.
  • Reply 6 of 39
    I just got done changing my password... This is going to be a terrible experience if they got my card #.
  • Reply 7 of 39
    john.b Posts: 2,716 member

    Thanks a lot, Adobe.  There is no longer any way to buy Lightroom upgrades except online, then you don't bother to properly secure that information.

  • Reply 8 of 39
    rcfa Posts: 746 member
    Quote:
    Originally Posted by mstone View Post

     
    Quote:
    Originally Posted by rcfa View Post

     

    One more reason not to use Creative Cloud. If you buy software licenses, you buy them at random places, wherever you get the best discount at a time.


    So where did you buy that box of Final Cut Pro X or Aperture or iWork? Apple stores your card just like Adobe and they are not immune from being hacked either. Just last month the dev site was down for a couple weeks due to hacked user profiles which probably included credit card info. 


     

    According to Apple it didn't. Nothing is absolutely secure, and nowhere do I state that I like Apple's data hoarding.

    As a matter of fact, besides the forced single-source software store, one of the main reasons why I dislike the fact that Apple locks legitimate users out of their own devices, is that it's impossible to discern if an iOS device is hacked or is running spyware, unless the user has root access, which currently is only possible by jail-breaking.

    I like iOS devices to be non-jailbreakable (i.e. be secure), but with the legitimate user/owner having full root access, just like on any other decent computing system. Just because the device is small and pocketable doesn't mean it's not a computer or users shouldn't be able to rule the device they bought.

     

    Quote:

    To address your rant on Adobe not knowing how to code, I'm sure you have built a billion dollar software enterprise which clearly legitimizes the validity of your remarks.

     



     

    That's the same sort of asinine comment that ignoramuses throw e.g. at art critics: one doesn't have to be a successful author to be a literary critic; one doesn't have to be a successful musician to be a good music critic. Further, sales do not indicate anything about quality of the product, only about the quality of the marketing, otherwise, McDonalds were the best food in the world.

     

    If you need to know my credentials: I have a Sc.M. in Computer Science from an Ivy League school, and I have been working with OSX and its predecessors ever since that little black cube called NeXT was at my disposal, which was in 1989 with NeXTSTEP 0.8.

    Without even trying, I ranked 10th, 2nd and 1st in the three bug-busting contests NeXT made, and ADC guys knew me by name due to the number and quality of bug reports I used to submit. (I gave up on that when Apple switched to a web based reporting tool that is a waste of my time, so I lost interest, given that I'm not getting paid for doing Apple software QA)

     

    So I think I know a thing or two about writing code, debugging, bug reporting, knowing the symptoms of badly written code, and eliciting bugs in software.

    One prime example of shoddy Adobe code: just about all Adobe software stops functioning when installed on a case-sensitive file system (if the installer doesn't already crash trying to install the software on a case-sensitive volume), because the Adobe programmers are incapable of #define-ing file names in one central place and then referring to these resource names by means of the corresponding macros; heck they seem to be even incapable of running a global regex search-replace to fix the case on all occurrences of resource names. Instead they refer to resources all over their code in a variety of case spellings, which means the moment the software is on a case-sensitive file system, it breaks. This is a horrendous coding practice.

    There are other examples, like e.g. their own invention (PS and PDF) being rendered more slowly and with higher resource usage by their bloated rendering engines than by the optimized 3rd party/"copycat" implementations, such as NeXT's DisplayPostScript (which NeXT licensed from Adobe and then heavily optimized and improved on in-house) or Apple's Quartz PDF rendering engine.

    There are plenty of other examples, e.g. their plug-in architecture, their ridiculously scattered software resources, their brain-dead installers, their proprietary GUI they don't even manage to get consistent across their own Creative Suite in decades, their laggard status migrating away from Carbon, etc.

    The only company that could compete in the bad code department was Macromedia (who brought us such wonders in code and resource "efficiency and elegance" as Flash), which Adobe bought up. Perfect match made in hell.

    Never mind that minor feature upgrades and various "transitions" they owe Apple (OS 9 to OS X, PPC to intel, 32-bit to 64-bit) allowed them to each time milk customers for more than the upgrades were worth and now that they see the end of the gravy train, they just turn the whole pile into a subscription-only product. If they can't innovate in software, they innovate in milking customers...

  • Reply 9 of 39
    Quote:

    Originally Posted by rcfa View Post

     

     

    According to Apple it didn't. Nothing is absolutely secure, and nowhere do I state that I like Apple's data hoarding.

    Unlike you seem to be, I'm not a blind fanboy where Apple can do no wrong. As a matter of fact, besides the forced single-source software store, one of the main reasons why I dislike the fact that Apple locks legitimate users out of their own devices, is that it's impossible to discern if an iOS device is hacked or is running spyware, unless the user has root access, which currently is only possible by jail-breaking.

    I like iOS devices to be non-jailbreakable (i.e. be secure), but with the legitimate user/owner having full root access, just like on any other decent computing system. Just because the device is small and pocketable doesn't mean it's not a computer or users shouldn't be able to rule the device they bought.

     

     

    That's the same sort of asinine comment that ignoramuses throw e.g. at art critics: one doesn't have to be a successful author to be a literary critic; one doesn't have to be a successful musician to be a good music critic. Further, sales do not indicate anything about quality of the product, only about the quality of the marketing, otherwise, McDonalds were the best food in the world.

     

    If you need to know my credentials: I have a Sc.M. in Computer Science from an Ivy League school, and I have been working with OSX and its predecessors ever since that little black cube called NeXT was at my disposal, which was in 1989 with NeXTSTEP 0.8.

    Without even trying, I ranked 10th, 2nd and 1st in the three bug-busting contests NeXT made, and ADC guys knew me by name due to the number and quality of bug reports I used to submit. (I gave up on that when Apple switched to a web based reporting tool that is a waste of my time, so I lost interest, given that I'm not getting paid for doing Apple software QA)

     

    So I think I know a thing or two about writing code, debugging, bug reporting, knowing the symptoms of badly written code, and eliciting bugs in software.

    One prime example of shoddy Adobe code: just about all Adobe software stops functioning when installed on a case-sensitive file system (if the installer doesn't already crash trying to install the software on a case-sensitive volume), because the Adobe programmers are incapable of #define-ing file names in one central place and then referring to these resource names by means of the corresponding macros; heck they seem to be even incapable of running a global regex search-replace to fix the case on all occurrences of resource names. Instead they refer to resources all over their code in a variety of case spellings, which means the moment the software is on a case-sensitive file system, it breaks. This is a horrendous coding practice.

    There are other examples, like e.g. their own invention (PS and PDF) being rendered more slowly and with higher resource usage by their bloated rendering engines than by the optimized 3rd party/"copycat" implementations, such as NeXT's DisplayPostScript (which NeXT licensed from Adobe and then heavily optimized and improved on in-house) or Apple's Quartz PDF rendering engine.

    There are plenty of other examples, e.g. their plug-in architecture, their ridiculously scattered software resources, their brain-dead installers, their proprietary GUI they don't even manage to get consistent across their own Creative Suite in decades, their laggard status migrating away from Carbon, etc.

    The only company that could compete in the bad code department was Macromedia (who brought us such wonders in code and resource "efficiency and elegance" as Flash), which Adobe bought up. Perfect match made in hell.

    Never mind that minor feature upgrades and various "transitions" they owe Apple (OS 9 to OS X, PPC to intel, 32-bit to 64-bit) allowed them to each time milk customers for more than the upgrades were worth and now that they see the end of the gravy train, they just turn the whole pile into a subscription-only product. If they can't innovate in software, they innovate in milking customers...


     

    mstone just got nuked. Nice work rcfa!

  • Reply 10 of 39
    Brought to you by Creative Cloud.
  • Reply 11 of 39
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by rcfa View Post

     
     which means the moment the software is on a case-sensitive file system, it breaks. This is a horrendous coding practice.


    Although one could format a volume with HFS + and choose to make it case sensitive no one ever does this and no Mac OS has ever been case sensitive by default since the very beginning with 400K floppies. Windows can also be formatted to be case sensitive but no one ever does that either.

     

    The only two platforms that Adobe software currently runs on are both case insensitive so where's the problem? But I also know for a fact that Adobe Illustrator, at least in 1994, ran just fine on Solaris which is case sensitive, as I used it for awhile. I would like to see some links that support your allegation to the contrary.

     

    PS: Adobe software also runs satisfactorily in WINE on Linux which also has a case sensitive file system.

  • Reply 12 of 39
    tallest skil Posts: 43,399 member
    Originally Posted by rcfa View Post

    it's impossible to discern if an iOS device is hacked or is running spyware, unless the user has root access, which currently is only possible by jail-breaking.


     

    Uh… correct me if I’m wrong, but that means you instantaneously know if it is hacked or running spyware, because the only way for that to have happened is via jailbreaking. Therefore SINCE you can check (or can’t), you CAN know, either by checking (and finding out yes or no) or by being unable to check (which equals no).

     


    I like iOS devices to be non-jailbreakable (i.e. be secure), but with the legitimate user/owner having full root access, just like on any other decent computing system.



     

    Contradiction in phrases, and you should know that. Full access, all the time, means not secure.

     

    That's the same sort of asinine comment that ignoramuses throw e.g. at art critics: one doesn't have to be a successful author to be a literary critic; one doesn't have to be a successful musician to be a good music critic.


     


     

    Absolutely correct, BUT “Tim Cook should have done x because I know better than Apple” helps no one.

  • Reply 13 of 39

    This is why it pays to just permanently borrow it. Their stupid subscription service sucks anyways.

  • Reply 14 of 39
    adamc Posts: 563 member
    Quote:

    Originally Posted by mstone View Post

     

    Although one could format a volume with HFS + and choose to make it case sensitive no one ever does this and no Mac OS has ever been case sensitive by default since the very beginning with 400K floppies. Windows can also be formatted to be case sensitive but no one ever does that either.

     

    The only two platforms that Adobe software currently runs on are both case insensitive so where's the problem? But I also know for a fact that Adobe Illustrator, at least in 1994, ran just fine on Solaris which is case sensitive, as I used it for awhile. I would like to see some links that support your allegation to the contrary.

     

    PS: Adobe software also runs satisfactorily in WINE on Linux which also has a case sensitive file system.


     

    What a non reply. Nuked is nuked.

  • Reply 15 of 39
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by AdamC View Post

     
     

    What a non reply. Nuked is nuked.


    His rant is pure BS angry Linux geek. Yeah Adobe doesn't run natively on Linux. For people like me who use Adobe CC all day long every day and make a good living at it know the power of the tools. People who bitch about Adobe CC as being a terrible product do not use it to make money. It is a fantastic suite, always has been and nothing comes close for professional work. All sour grapes because they can't pirate it now.

  • Reply 16 of 39
    murman Posts: 159 member

    I'm (not so) secretly thanking the hackers, but then again, this won't bring back retail software, not going to be non-subscription download only, nor even per app subscription. This is what happens when you have a monopoly and all your biggest competitors can only limp along.

  • Reply 17 of 39
    rot'napple Posts: 1,839 member

    As much as they pushed, pushed and pushed for me to purchase the cloud, I'm glad I went with the disc with CS suite on it.  Fortunately, credit card used has expired.

  • Reply 18 of 39
    freerange Posts: 1,584 member
    rcfa wrote: »

    ...The only company that could compete in the bad code department was Macromedia (who brought as such wonders in code and resource "efficiency and elegance" as Flash), which Adobe bought up. Perfect match made in hell.
    Never mind that minor feature upgrades and various "transitions" they owe Apple (OS 9 to OS X, PPC to intel, 32-bit to 64-bit) allowed them to each time milk customers for more than the upgrades were worth and now that they see the end of the gravy train, they just turn the whole pile into a subscription-only product. If they can't innovate in software, they innovate in milking customers...

    Great job! Thank you for the intelligent analysis and summary of what we all know but are unable to articulate from a technology point of view... That Adobe products are overly complicated, bloated crap, and that the company is no better than an extortionist! If only Apple would acquire this bag of shit and re-engineer it for us! Now there would be a good use of funds, rather than lining Carl Icahn's pockets.
  • Reply 19 of 39
    (Claps slowly and deliberately) Bravo, Adobe. Bravo. You screwed up royally. I want a two-year free Creative Cloud subscription.
  • Reply 20 of 39
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by FreeRange View Post

     
     If only Apple would acquire this bag of shit and re-engineer it for us! 


    Worst possible outcome for professionals. Apple would release version one and then wait three years to completely redesign it for amateur consumers. Wrong. It would be akin to Apple buying Autodesk and making AutoCAD user friendly for soccer moms.
