In wake of Adobe breach, attackers may use insight to dig up zero-days

Share this article:

In the aftermath of a major breach at Adobe, which compromised the financial and personal information of millions and left product source code in the hands of saboteurs, security experts warn users to be vigilant moving forward.

While the public learned of the incidents on Wednesday and Thursday via separate announcements, prior to the news getting out, Adobe was approached by security journalist Brian Krebs and Hold Security CISO Alex Holden.

The two told the company of their alarming discovery: A server containing 40 gigabytes of stolen source code, including that of Adobe, had also been used by hackers that breached LexisNexis, commercial data provider Dun & Bradstreet, risk consulting firm Kroll and the National White Collar Crime Center (NW3C).

Adobe has already begun notifying customers that sensitive data was accessed by hackers – including names, encrypted credit and debit card numbers and card expiration dates. In addition, the company began resetting customer passwords, as miscreants obtained an undisclosed number of Adobe customer IDs and encrypted passwords in the breach.

In addition, on Wednesday, Adobe's CSO Brad Arkin revealed in a blog post that the information on a number of company products, including Adobe Acrobat, ColdFusion and ColdFusion Builder, were pilfered by attackers.

Further disclosure by Krebs revealed that Adobe had launched its own investigation on the breach as of Sept. 17; the company also told him that hackers likely accessed the source code around mid-August.

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.