Adobe Hacked: Almost 3 Million Accounts Compromised
sl4shd0rk writes "Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts."
It's too risky to give your credit card number to a company like Adobe.
...to a nicer company. I feel bad for their customers, but I'm hoping this kind of breach pushes people to insist that their sensitive data isn't stored when it isn't absolutely necessary.
you can still buy offline standalone applications from adobe.... oh, wait.
However, as far as the source code is concerned, Adobe assured that there is no "increased risk to customers as a result of this incident."
In other words, the risk is as bad as ever.
First to get hacked!
(runs off to AC-land)
I hope this destroys their "Creative Cloud" or rather their extortion scheme for locking up your files if you ever stop paying them.
What are the odds this attack didn't involve a pdf exploit?
jesus christ, will someone make a fucking photoshop alternative already (don't say gimp that shit blows dongs)
Anybody?
What's that? You can't manage to release plugins without 50 remotely exploitable holes every month? Not surprised to hear that your network was hacked.
Is anyone surprised that a company that is already battered by a poor security reputation would be compromised in this way?
That they are doing their own billing isn't surprising considering their size, but not a place I'd put a personal card number.
They apparently don't sell permanent licenses anymore, you have to pay by the month.
There are pluses and minuses to each approach, but this type of thing would definitely be a minus, since customers used to buy their shrink wrap boxes from a third party retailer.
ME: Did you hack adobe again?
HIM: gross no
HIM: i don't want to get that stuff on me
ME: good point.
Flash player sources ?
Yeah. Nothing to worry about...
... the NSA just visited the data center.
...can't wait until the hackers fork their code, and create something stable and less buggy from it. It will obviously take lots of work, but if they have the skills to hack in, they're up to the challenge.
"National Security is the chief cause of national insecurity." - Celine's First Law
Good. I hope the hackers open source the code.
I bet they used Flash to get in: since Adobe seems to be pushing Flash updates about every 10 minutes lately, it's evidently got some major security problems.
Doesn't say much for the security of ColdFusion. Maybe it's time for Adobe to stop eating their own dogfood.
I am becoming gerund, destroyer of verbs.
Not that anybody assumed that Adobe would be any more immune to these types of attacks than any other company, but maybe they should take a look at how effective their web programming suites are?
According to TFA: no "increased risk to customers as a result of this incident."
Considering that Adobe products are an endless stream of security vulnerabilities and zero days, I would say this is a fair statement. You have the same risk as you had before, when you allow their products onto your machines. As for the credit card data - shame on them. Why was that even on the same network?
Seven puppies were harmed during the making of this post.
Adobe must be the one company in the world to have a worse track record at security than Microsoft, Oracle or Mozilla. They have ignored industry best practices and been a thorn in the side of the rest of the industry for years while being oblivious to the damage their customers have suffered from their shoddy practices.
This is the same company that wants you to rely on their security as the only way to their products now that they only rent cloud-based versions of Acrobat Suite. Incidents like this are inevitable and people need to learn that there is nothing magical about the 'cloud'. Companies that have cloud dependencies for the use of their products necessarily expose all of their customers when they get cracked.
Do you trust Adobe with your security? Do you really think a company with their track record is going to get their act together?
This makes me happy to have p1r4t3d versions of CS5 and CS6.
Adobe doesn't know my details and neither do the hackers, easy peasie lemon squeezie.
Laughter is the Spackle of the Soul.
Sounds like somebody got creative with the Cloud.
It is not like this hasn't been reported at least weekly for years for various companies.
What the hell are major companies thinking?
As an Adobe customer, I'm happy they only got their hands on 3 million plaintext credit card numbers and not 4 million. That would've been a catastrophe. I'm sure Adobe will solve this problem in a flash.
This is big news. Expect untold exploits for the Adobe technology stack to emerge out of this. If someone or some group is determined to run Adobe into the ground, they are off to a good start.
Was wondering how long it would be until this choice to rent, not sell, software would bite them in their big red A.
Laughter is the Spackle of the Soul.
For Photoshop!
............
CLOUUUUUUUUUD!
welp, guess it's time to get my CC changed.
If you were me, you'd be good lookin'. - six string samurai
Your post looks photoshopped. Yep, definitely. The reflections are all wrong.
Ezekiel 23:20
Not just trial accounts with cracked editions but legitimately paid accounts? I had heard of it, just never seen it with my own eyes.
Buying a piece of software from a vendor: Adobe doesn't have your details.
Paying on a monthly basis to a software company: Adobe has your details.
Your point about the inability to see the future is intact. However, it doesn't discount being able to predict the potential future based on math and science.
Laughter is the Spackle of the Soul.
ColdFusion is built on JRun which is the most miserable POS Java servlet container conceived by the mind of man.
Since the source code is out maybe it will get some bug fixes.
Adobe appear to be so focused on pushing their "money making" business model (that no one wants) they forget to secure their backend systems. I wonder what incentives the NSA give them to pipe the users' details into PRISM?
Was it an acrobatic hack?
photoshopped reflections expert here, can confirm
That's fucking epic. How will Adobe continue to develop any of those applications without it?
So, let me recap.
Adobe just lost the source code to one of the most exposed attack surfaces known for vulnerabilities?
That'll be one hell of a peer review.
LOL
The containment and clean up of this will cost Adobe a lot of money, sure, but people are going to continue to use their software and Adobe will continue to operate as normal. The regular everyday user won't care and the company will continue to make awesome profits.
Not yet clear what system was breached and what platform it was running. Do you have a link to details of the attack vector? I haven't run Cold Fusion in years, once Adobe purchased it and moved it to JRun I migrated my code off Cold Fusion.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
From TFA: "nearly three million customer credit card records"
Thank God I've never actually purchased any Adobe products. Phew, that was a close one.
Organization? You must be joking..
Seconded.
Source: I've seen quite a few shops in my time. And the pixels.
Crackers, not hackers.
After which episode that Adobe had credit card records stolen from it did you make that decision?
Adobe may or may not have had one before.
But there are enough other companies that have, that it's easy to make a rational choice based on the probability that it will happen to a company like Adobe, based on what has happened to companies at large that attract large bases of credit card numbers - especially as Adobe has recently been moving to a subscription-based service where they have presumably got a lot more credit card numbers stored than they used to before.
That was a factor in why I decided that I would not subscribe to the Photoshop subscription, even though the more recent photographically oriented pricing for just a few products was more appealing.
I'm all for paying for products myself, I do so whenever possible. But what I am not for is needless exposure of my financial data just because a company would prefer recurring revenue.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
since adobe doesn't listen, maybe we'll get the bugs fixed now.
or at least some compatibility with other applications that are outside the adobe family
It's becoming safer to download pirated software.
not trying to start an argument but: why is source code accessible via an online server? is the code part of an open source project?
i'm confused.
ColdFusion is built on JRun...
Hey, the 90's are calling, they want your comment back.
ColdFusion runs on Tomcat now.
Adobe Hacked: Almost 3 Million Accounts Compromised
Were 3 millions accounts were "almost" compromised or does the poster mean "close to" 3 million accounts compromised.
Either way, thanks alot asshats.
The mind conceives, the body achieves, the spirit manifests.
A responsible company that size should be releasing several thousand fake corporate client lists per day. If every company did its civil duty and released thousands of fake client lists, the identity thieves would never be able to find a needle in a haystack. Nature adapts camouflage, not invisibility.
Gently reply
At my work, they require us to take annual security training ... and this year, I flat out refused to take it from any of my systems ... because I had to install flash & turn on java in my web browser. I had to go to the 'training center' to take it from one of the machines there.
... not a week later, the first of the 2013 Flash vulnerabilities was announced ... then a couple of weeks later, another one ... then the Java one ...
Then I was told that I had to take the 'advanced security' training ... what was the recommendation? to turn off flash & java in your web browser.
ah, the irony.
Build it, and they will come^Hplain.
Make companies liable for triple damages related to stolen credit card numbers. I guarantee that their security will be air tight within 6 months.
Really, given the complete failure to secure well... any of their desktop software, is there any surprise?
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
They discovered they were hacked on thursday. Any idea when the breach occurred?
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I am so pissed off about Adobe's business model that I may never buy an Adobe product ever again.
That company can go to hell.
If you don't trust a company's security systems, then for smaller purchases from that company, use a pre-paid anonymous credit card. Don't attach any personal information to the card by registering it.
You can also use a pre-paid anonymous credit card at gas stations, restaurants, etc. where you don't feel comfortable giving them your regular credit card.
It costs a little more than using your regular credit card, and record-keeping for tax purposes is a little more trouble, but you'll be safer.
Edge detect: Compression artifacts everywhere.
I'm guessing English isn't your first language based on the poor grammar of your own post.. The headline is grammatically correct and unambiguous The word "almost" modifies "3 million" and is a perfectly appropriate word choice. "Close to" would be equally appropriate, but it's not a superior choice.
Adobe probably just realized that their products have been hacked for years and this is just the cover story they put out.
I'm guessing English isn't your first language either. It seems that you have just backhanded your reply without thinking twice about its grammar as well.
unambiguous The word "almost" modifies
Is the Capitalisation of word The and the lack of punctuation considered normal in the English schools you've attended? I've heard education in 3rd world countries is quite limited. I do feel sorry for the lack of resources and hardship you and your peers would have undergone in order to learn even just the basics surrounding grammar and punctuation.
No we don't. That was Macromedia. Sorry for my lack of humour.
So in addition to the very frequent update requests from Adobe's software agent, I got a major update request from it a day or so ago. Luckily I have been refusing them all (thanks Little Snitch firewall!) but I think I said yes to it once or twice in the past. Now another good reason to disallow all updates of their crap, it always seemed like saying yes would reduce security.
Why work when you can steal?
Citibank offers "Virtual Credit Cards" that are generated for you on demand. Each card is valid for one merchant only (the first transaction locks the merchant), has configurable expiration date and maximum amount limit. Even if stolen such virtual cards are of little use to the bad guys.
So a compromised network allowed more than one business unit to be hijacked. Horrible. Some admins are in deep trouble.
It's now running on a heavily customized Tomcat that's been twisted long enough until you could no longer simply update it independently.
Of course it's normal use. However that does not mean it's grammatically correct.
Still not seeing the part where software piracy is justified.
Then I could fix those two trivial bugs in combination with VDPAU that Adobe has kept on ignoring (red and blue swapped and black used as key color for overlay.)
Still not seeing the part where it needs to be.
Adobe: You'll shit a brick!
Maybe now we can get usable hacked versions of their less-than-fine products - and all for freeeee? ;-)
Or somebody can do a Linux flash player again?
Not an Adobe client. Not having to worry about such break-ins, another advantage of using FOSS.
Views expressed do not necessarily reflect those of the author.
That reminded me to go have a look at Foxit, which is a great little PDF reader and more for Windows. They used to have a version for Linux (unless I'm remembering wrong?) but just went to their website and saw no trace of it.
Did they give up trying to sell to us freetards that don't want to pay for software? If so, too bad, it's a pretty good little PDF renderer. I'm using Okular, and like it too. Evince I'm not a big fan of.
If this were Usenet, I'd killfile the lot of you.
Kindly bring Adobe to its knees and liberate us serfs. With love and hope,
"SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE
It is based on Tomcat now. You also have a .war option when installing, so you can use JBoss or WebSphere as well.
Forget the credit card info - the real juicy stuff for a criminal would be to get whatever is needed to trick the update feature to trust a malicious piece of code (especially if it can be automated without user interaction!)
This is the most important thing I want to hear from Adobe's response team: Did the attackers get what would be needed to do this, yes or no?
...and you won't: you're an authoritarian
( you have been infected with 'diode morality': laws, regulations, EULAs, licenses, etc work ONE WAY ONLY, to the benefit of korporate slime, mere people have little/no rights in the marketplace...)
I'll take this one further:
Buying a piece of software from a vendor: Adobe doesn't have your details.
Paying on a monthly basis to a software company: Adobe has your details.
Software vendor not named Microsoft most responsible for exploits and attacks in the last 10 years: Adobe Systems
If they can't even keep something like Acrobat Reader secure, how the hell does anyone trust them with credit card information? The long road that has been "software activation" led us to this place.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
Well, here is your justification: Using pirated software costs less than buying original software, and since de facto not everyone is pirating, the companies continue to produce the software. So if you want to avoid costs and save troubles from DRM (or stolen credit cards), just pirate the software. It's a no-brainer.
Undoing mod. Meant for Funny, got Overrated instead. "Missed it by that much."
Perhaps you aren't looking at it correctly?
First off, you presume justification -- which isn't clear. They gave an explanation. Which is a form of justification that it appears you have conflated with a moral, ethical, or legal stance.
More relevantly, were it a moral argument, it might be justified in the literal terms they offered -- one of rational risk management.
This is not a big proxy for 'the ends justify the means'. It just means that some people see and respond to risk differently.
To some people a credit card theft could be utterly catastrophic. I doubt it holds for most people on /. though.
That you and/or courts feel their action is unlawful and thus inherently unjustified (note multiple meanings of justified in this reply--in this context it means not an exonerating circumstance) has nothing to do with the explanation that was offered.
And frankly... it's Adobe. The only reason piracy isn't sanctionable against them after the hell they have caused on the web is because it continues to promote the utilization of a shit tier web, and the bullshit myths their marketing department propagates ("PDFs are uneditable and a great format for legal document exchange", "flash has 98% market penetration", "Don't worry, I won't cum in your mouth" ... )
Glad I stopped with CS6 Production Suite....I refused to rent software and did not go with Creative Cloud, where you do have to give a CC number.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
I can't see the future but I have a prepaid credit card that I use for Internet transactions just in case...
Dumbasses... it runs perfectly fine on ANY JEE app server... Websphere... Glassfish.... weblogic.... jboss.... jetty.... tomcat...
It COMES with a customized version of Tomcat if you CHOOSE to use it that way.
This is what sucks about working on CF stuff. It's not the language itself (it's great -- a lot like Groovy or JRuby), it's all the dumbasses who looked at CF 3.5 in 1996 and think that it hasn't changed since then.
a sewer main
You mean, we'll finally get the fix to be able to install Adobe Stuff on case-sensitive OS X systems? ;)
Is the CapitaliZation of THE word The and the lack of punctuation considered normal in the English schools you've attended?
While we're nitpicking, I should point out that English is apparently not your first language either.
At the beginning of August I purchased the latest version of Adobe Premiere using a credit card as this is the ONLY way you can do this - monthly payments require a credit card. Since this is a company purchase I used the company card, this card had never been used before for Internet transactions. I have a special card for this but because this is a monthly purchase I did not want to transfer money every month into the "special" credit card.
On the 20.08.2013 the credit card was debited by a person called "NOVAPOKEREW" through a PAYPAL account. I rang paypal and after a lengthy conversation (on and off for 3 hours) and being handed from person to person they acknowledged this was fraudulent and have no problem giving the money back to me (thank you PAYPAL).
What gives me the shits is that Adobe is lying because I have seen many people saying their credit card has been debited somewhere at the end of August - Adobe you are lying!!!!
To add insult to injury when you try to reset your password you end up in an endless loop of resetting your password again and again - this too has been the experience of MANY other people (just search for Adobe Hacked and start reading).
While I like your products ADOBE, you suck at security and customer service as well as giving incorrect information about an event.
This is not about being hacked, it can happen to anyone - but leaving your customers in the dark - well if there would be another product like InDesign or Premiere - I would NOT be using Adobe anymore, that's for sure
to code or not to code, that is the question.