Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Hacked: Almost 3 Million Accounts Compromised

Posted by samzenpus on from the breaking-in dept.

sl4shd0rk writes "Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts."

34 of 256 comments (clear)

  1. See... this is why I torrent cracked versions. by hawks5999 · · Score: 5, Funny

    It's too risky to give your credit card number to a company like Adobe.

    1. Re:See... this is why I torrent cracked versions. by amicusNYCL · · Score: 4, Insightful

      You choose to not pay for the software that you prefer to use because you don't want to give your credit card number to Adobe? After which episode that Adobe had credit card records stolen from it did you make that decision? How long ago was that? How many times has Adobe been attacked and had customer credit card information stolen? You're sure that's not just a lame justification for not wanting to pay for the software that you prefer to use?

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    2. Re:See... this is why I torrent cracked versions. by Em+Adespoton · · Score: 5, Informative

      In related news, it turns out Adobe will give you some sort of software if you give them a credit card number. What a crazy business model!

      Not for long... their new business model is that they will let you have access to their cloud if you give them a credit card number, and keep paying them regularly.

    3. Re:See... this is why I torrent cracked versions. by amicusNYCL · · Score: 3, Funny

      I have a fantastic sense of humor. Which is not mutually-exclusive with being socially retarded.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    4. Re:See... this is why I torrent cracked versions. by rtb61 · · Score: 5, Interesting

      Especially when the break in was prior to the 17th of September and they didn't notify customer until another customer noticed Adobe source code floating around the internet October the 13th. It would seem if an outside company had not discovered the evidence of the breach Adobes customers would never have been warned that their log in details and credit card details had been stolen. Oh but the credit card details still maybe might secure because they were encrypted and those that could hack the system (likely ex-insiders and outsourcers) maybe might not have passwords for the encryption even though they had passwords for everything else.

      It seems like Adobe needs to be answering some very serious question in a court of law as to why that information was withheld from customers for so long.

      --
      Chaos - everything, everywhere, everywhen
    5. Re:See... this is why I torrent cracked versions. by Anonymous Coward · · Score: 5, Funny

      As the article says. They'll also give your credit card to anyone else who asks their computer nicely for it too...

    6. Re:See... this is why I torrent cracked versions. by daveime · · Score: 4, Funny

      > source code floating around the internet October the 13th

      Adobe have source code for a Time Machine ?

  2. Couldn't have happened... by jwsarvey · · Score: 4, Insightful

    ...to a nicer company. I feel bad for their customers, but I'm hoping this kind of breach pushes people to insist that their sensitive data isn't stored when it isn't absolutely necessary.

    1. Re:Couldn't have happened... by ralphaostrander · · Score: 3, Interesting

      Why do they need to store it use it lose it credit card companies need to insist as it is them who foot the bill when it is used. I will not lose the number it is on my card you have no need to store it. Storing it should be conspiracy to steal it and use it.

    2. Re:Couldn't have happened... by Anonymous Coward · · Score: 4, Informative

      Adobe have been pushing software rental for the last couple of years. This involves recurrent payments. Recurrent payments require the vendor to store credit card details, or outsource the payment processing to a third party who stores the details.

      Either way, if you're renting software your credit card details are being stored.

    3. Re:Couldn't have happened... by 0123456 · · Score: 3, Funny

      But we are talking about the people who wrote Flash...

  3. good thing by Anonymous Coward · · Score: 4, Insightful

    you can still buy offline standalone applications from adobe.... oh, wait.

  4. Interesting Quote by BenSchuarmer · · Score: 4, Insightful

    However, as far as the source code is concerned, Adobe assured that there is no "increased risk to customers as a result of this incident."

    In other words, the risk is as bad as ever.

    1. Re:Interesting Quote by fuzzyfuzzyfungus · · Score: 4, Funny

      However, as far as the source code is concerned, Adobe assured that there is no "increased risk to customers as a result of this incident."

      In other words, the risk is as bad as ever.

      I'm not sure why Adobe is being so pessimistic. This might be the first time in years that anybody who could find their own ass with both hands and a map, much less do code security, has examined the source code involved...

    2. Re:Interesting Quote by causality · · Score: 4, Interesting

      Worse. The source code included the required NSA backdoor. Now requiring to insert backdoors to manufacturers will lead to the logical consequence

      We live in a society that, as Bill Hicks noted, is at about an eighth-grade emotional level collectively (he was being generous). Few people acknowledge the logical consequence, and seem to believe it magically goes away if they really, badly, truly wish hard enough or get upset enough.

      I suspect the government understands the situation, however. Malicious attackers and other criminals exploiting mandatory backdoors only provides an excuse for more laws regulating the Internet and expanding executive powers. To protect you from those evil hackers, of course. If nothing else, the NSA gets their little back-door so they can more easily betray their own countrymen in the name of safety; if that goes wrong in the worst possible way, then: bonus! For the evil men who love power and know no loyalty, it's a win-win. Sadly.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  5. PDF Exploit? by Statecraftsman · · Score: 5, Funny

    What are the odds this attack didn't involve a pdf exploit?

    1. Re:PDF Exploit? by fuzzyfuzzyfungus · · Score: 5, Funny

      If you upgrade to a suitably new version of Acrobat, you can put your flash exploits inside your exploit PDF. Totally worth the license fee.

  6. I, for one... by msauve · · Score: 4, Interesting

    ...can't wait until the hackers fork their code, and create something stable and less buggy from it. It will obviously take lots of work, but if they have the skills to hack in, they're up to the challenge.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  7. No cloud for you! by onyxruby · · Score: 4, Insightful

    Adobe must be the one company in the world to have a worse track record at security than Microsoft, Oracle or Mozilla. They have ignored industry best practices and been a thorn in the side of the rest of the industry for years while being oblivious to the damage their customers have suffered from their shoddy practices.

    This is the same company that wants you to rely on their security as the only way to their products now that they only rent a cloud based versions of Acrobat Suite. Incidents like this are inevitable and people need to learn that their is nothing magical about the 'cloud'. Companies that have cloud dependencies for the use of their products necessarily expose all of their customers when they get cracked.

    Do you trust Adobe with your security? Do you really think a company with their track record is going to get their act together?

    1. Re:No cloud for you! by Voyager529 · · Score: 3, Insightful

      Adobe must be the one company in the world to have a worse track record at security than Microsoft, Oracle or Mozilla.

      ...Sony?

    2. Re:No cloud for you! by Tom · · Score: 4, Interesting

      This is the same company that wants you to rely on their security as the only way to their products now that they only rent a cloud based versions of Acrobat Suite.

      This.

      I was actually on the verge of buying some of their stuff just a week ago. Decided against it when I found out they don't sell standalone versions anymore.

      --
      Assorted stuff I do sometimes: Lemuria.org
  8. Dayamn! Thjs is big! by PerlPunk · · Score: 5, Insightful

    This is big news. Expect untold exploits for the Adobe technology stack to emerge out of this. If someone or some group is determined to run Adobe into the ground, they are off to a good start.

    1. Re:Dayamn! Thjs is big! by tech.kyle · · Score: 5, Insightful

      Expect untold exploits for the Adobe technology stack to emerge out of this.

      This. This is why people should be concerned. Open source programs have their code exposed to everyone, including those with malicious intent, and are therefor "battle hardened" for security. Closed source programs live a sheltered life and having that source suddenly available means those with malicious intent can use Adobe's relatively weak source code to develop new exploits for clients. Lots of them.

      Adobe is a household name that users couldn't get rid of if they wanted to. Flash, for example, is on nearly every internet-connected PC. This is a problem for everyone.

      --
      If we colonize Mars, it won't be the World Wide Web anymore. UWW?
  9. Re:First post! by K.+S.+Kyosuke · · Score: 5, Funny

    Your post looks photoshopped. Yep, definitely. The reflections are all wrong.

    --
    Ezekiel 23:20
  10. seeing the future verses the writing on the wall by themushroom · · Score: 4, Insightful

    Buying a piece of software from a vendor: Adobe doesn't have your details.
    Paying on a monthly basis to a software company: Adobe has your details.

    Your point about the inability to see the future is intact. However, it doesn't discount being able to predict the potential future based on math and science.

    --
    Laughter is the Spackle of the Soul.
  11. Re:3 million? by the+eric+conspiracy · · Score: 5, Interesting

    ColdFusion is built on JRun which is the most miserable POS Java servlet container conceived by the mind of man.

    Since the source code is out maybe it will get some bug fixes.

  12. Code analysis by kav2k · · Score: 5, Funny

    So, let me recap.
    Adobe just lost the source code to one of the most exposed attack surfaces known for vulnerabilities?
    That'll be one hell of a peer review.

  13. Re: Seconded by snowblind · · Score: 4, Funny

    Yes we do Dave Watson 123 Anywhere Ln. Sunnyvale, CA 95014
    Ph# 408.123.4567
    Spouse: Miss Michigan
    Kids: Dave Jr and Susie

  14. Re:Nothing to worry about by John3 · · Score: 4, Informative

    The articles so far seem to indicate the card numbers were encrypted.

    --
    "We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
  15. Adobe != security by oneiros27 · · Score: 5, Interesting

    Adobe must be the one company in the world to have a worse track record at security than Microsoft, Oracle or Mozilla.

    At my work, they require us to take annual security training ... and this year, I flat out refused to take it from any of my systems ... because I had to install flash & turn on java in my web browser. I had to go to the 'training center' to take it from one of the machines there.

    ... not a week later, the first of the 2013 Flash vulnerabilities was announced ... then a couple of weeks later, another one ... then the Java one ...

    Then I was told that I had to take the 'advanced security' training ... what was the recommendation? to turn off flash & java in your web browser.

    ah, the irony.

    --
    Build it, and they will come^Hplain.
  16. Re: Seconded by fisted · · Score: 4, Funny

    what, all 15?

    --
    CLI paste? paste.pr0.tips!
  17. Virtual Credit Card Numbers by slonik · · Score: 4, Informative

    Citibank offers "Virtual Credit Cards" that are generated for you on demand. Each card is valid for one merchant only (the first transaction locks the merchant), has configurable expiration date and maximum amount limit. Even if stolen such virtual cards are of little use to the bad guys.

  18. Re:This is just adobe's way of saying... by lxs · · Score: 3, Funny

    stenography efforts flagged

    That's why I stick to writing longhand. Take that Adobe!

  19. Re:seeing the future verses the writing on the wal by MachineShedFred · · Score: 4, Insightful

    I'll take this one further:

    Buying a piece of software from a vendor: Adobe doesn't have your details.
    Paying on a monthly basis to a software company: Adobe has your details.
    Software vendor not named Microsoft most responsible for exploits and attacks in the last 10 years: Adobe Systems

    If they can't even keep something like Acrobat Reader secure, how the hell does anyone trust them with credit card information? The long road that has been "software activation" led us to this place.

    --
    Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.