Hackers steal Adobe product source code and credit card data of three million customers

Share this article:

Adobe is warning nearly three million of its customers that their credit card data was breached – and that the intruders also appear to have stolen product source code via “sophisticated attacks.”

On Thursday, Adobe CSO Brad Arkin announced in a blog post that the company is notifying by letter customers whose credit or debit card numbers and expiration dates were accessed. Adobe is also resetting customer passwords, as hackers obtained an undisclosed number of Adobe customer IDs and encrypted passwords in the attacks.

“Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products,” Arkin wrote. “We believe these attacks may be related.”

Arkin later added that “we do not believe the attackers removed decrypted credit or debit card numbers from our systems.”

Banks that process customer payments for Adobe were notified of the breach, and the company is assisting federal police in an investigation.

In an earlier blog post published on Wednesday, Arkin revealed a number of Adobe products where source code was purloined by saboteurs: Adobe Acrobat, ColdFusion, ColdFusion Builder, as well as other products were impacted.

Security blogger Brian Krebs and Alex Holden, CISO at Hold Security, aided Adobe in responding to the incident, Arkin wrote on Wednesday.

On his website, Krebs wrote on Thursday that he and Holden discovered the source code leak about a week earlier. Krebs posted a screen shot of the stolen source code, which he and Holden found on a server operated by the hackers.

The investigations led the security experts to believe that the attackers were the same criminals that hacked other entities, including LexisNexis and more recently, the National White Collar Crime Center (NW3C). According to Krebs, the attackers leveraged vulnerabilities in Adobe's ColdFusion Web application server to compromise NW3C between late May and August 17.

Krebs revealed that Adobe had launched its own investigation on the breach as of Sept. 17, and that the company confirmed that hackers likely accessed the source code around mid-August.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

VBA malware on rise, templates make it easier to write code

VBA malware on rise, templates make it easier ...

Researchers at SophosLabs found an uptick in VBA samples in July.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Citadel used in APT attacks against petrochemical firms

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.