In wake of Adobe breach, attackers may use insight to dig up zero-days

Share this article:

In the aftermath of a major breach at Adobe, which compromised the financial and personal information of millions and left product source code in the hands of saboteurs, security experts warn users to be vigilant moving forward.

While the public learned of the incidents on Wednesday and Thursday via separate announcements, prior to the news getting out, Adobe was approached by security journalist Brian Krebs and Hold Security CISO Alex Holden.

The two told the company of their alarming discovery: A server containing 40 gigabytes of stolen source code, including that of Adobe, had also been used by hackers that breached LexisNexis, commercial data provider Dun & Bradstreet, risk consulting firm Kroll and the National White Collar Crime Center (NW3C).

Adobe has already begun notifying customers that sensitive data was accessed by hackers – including names, encrypted credit and debit card numbers and card expiration dates. In addition, the company began resetting customer passwords, as miscreants obtained an undisclosed number of Adobe customer IDs and encrypted passwords in the breach.

In addition, on Wednesday, Adobe's CSO Brad Arkin revealed in a blog post that the information on a number of company products, including Adobe Acrobat, ColdFusion and ColdFusion Builder, were pilfered by attackers.

Further disclosure by Krebs revealed that Adobe had launched its own investigation on the breach as of Sept. 17; the company also told him that hackers likely accessed the source code around mid-August.

Page 1 of 2
Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.