Adobe has admitted that cyber criminals have stolen source code to several of its products and accessed data on millions of customers after it uncovered “sophisticated attacks” on its network.
Chief security officer at Adobe Brad Arkin wrote in a blog post that data on 2.9 million customers was accessed and reams of data was stolen.
“We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders,” he said.
“At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred.”
Arkin added that the firm is now working with law enforcement agencies to assess the incidents and is taking a number of steps to try to protect customers. This includes resetting passwords for all customers and notifying those whose data was stolen.
Banks have also been informed about the incident so they can try to stop any fraudulent activity taking place through customer accounts.
Regarding the theft of source code for its products, Adobe said that its Acrobat, ColdFusion, ColdFusion Builder and other, unnamed, Adobe products were affected. It said it was currently not aware of any zero-day exploits targeting these problems.
“Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident,” Arkin said in a separate blog post. The firm said earlier this week that fixes for two key products would arrive next week, although it's unclear if this is related.
"Adobe is planning to release security updates on Tuesday, October 8, 2013 for Adobe Reader and Acrobat XI (11.0.04) for Windows," it said.
The firm also thanked Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer at Hold Security, for helping Adobe deal with the incident when it came to light.
Arkin added that the threat posed by attackers to firms such as Adobe is becoming ever more real, as these attacks have proved.
“Cyber attacks are one of the unfortunate realities of doing business today. Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyber attackers.”
The incident should serve as a warning for other firms in the business world, as criminals are attacking the networks of an increasingly diverse range of companies. Earlier this year kitchenware store Lakeland was the target of a successful attack, underlining that firms of all shapes and sizes must be on their guard.
No comments:
Post a Comment