In wake of Adobe breach, attackers may use insight to dig up zero-days

Share this article:

In the aftermath of a major breach at Adobe, which compromised the financial and personal information of millions and left product source code in the hands of saboteurs, security experts warn users to be vigilant moving forward.

While the public learned of the incidents on Wednesday and Thursday via separate announcements, prior to the news getting out, Adobe was approached by security journalist Brian Krebs and Hold Security CISO Alex Holden.

The two told the company of their alarming discovery: A server containing 40 gigabytes of stolen source code, including that of Adobe, had also been used by hackers that breached LexisNexis, commercial data provider Dun & Bradstreet, risk consulting firm Kroll and the National White Collar Crime Center (NW3C).

Adobe has already begun notifying customers that sensitive data was accessed by hackers – including names, encrypted credit and debit card numbers and card expiration dates. In addition, the company began resetting customer passwords, as miscreants obtained an undisclosed number of Adobe customer IDs and encrypted passwords in the breach.

In addition, on Wednesday, Adobe's CSO Brad Arkin revealed in a blog post that the information on a number of company products, including Adobe Acrobat, ColdFusion and ColdFusion Builder, were pilfered by attackers.

Further disclosure by Krebs revealed that Adobe had launched its own investigation on the breach as of Sept. 17; the company also told him that hackers likely accessed the source code around mid-August.

Page 1 of 2
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.