The security breach, which Adobe called a part of a “sophisticated attack,” also allowed hackers to obtain encrypted passwords and other personal information from customers. Hackers also illegally took copies of the source code of some of the company’s widely used products, which are run on personal computers and businesses servers around the world. There was no indication that the attackers obtained unencrypted credit card numbers, Adobe said in a statement. As a precaution, however, the company said it had notified customers and credit card companies about the breach and reset customer passwords to prevent further unauthorized access. “Cyberattacks are one of the unfortunate realities of doing business today,” Adobe’s chief security officer, Brad Arkin, wrote in a blog post on Thursday. “Given the profile and widespread use of many of our products, Adobe has attracted increasing attention from cyberattackers.” The breach at Adobe is one of a recent spate of hacking episodes at prominent organizations. Already this year, hackers have infiltrated database aggregators like Lexis-Nexis and Dun & Bradstreet and the security firm Kroll Background America, as well as the National White Collar Crime Center, which helps businesses protect their computer systems. Concerns about the security of data at Adobe were first raised last week, when a technology researcher and an independent journalist investigating the hacking episodes discovered copies of Adobe source code on a server that was believed to have been used in the previous attacks. Brian Krebs, the journalist, informed Adobe about his findings, and on Thursday publicly reported the hacking on his site, krebsonsecurity.com. One of the products that had its source code stolen is ColdFusion, which, according to Adobe, is used by the United States Senate, 75 of the Fortune 100 companies and more than 10,000 other companies worldwide. Adobe security officials said they were not aware of any specific risks to customers. But because the source code contains the DNA of the software program, computer experts said it could allow hackers to find and exploit any other potential weaknesses in its security.
This article has been revised to reflect the following correction:
Correction: October 4, 2013
An earlier version of this article misidentified a company that was hacked this year. It was the security firm Kroll Background America, not Kroll Associates.
No comments:
Post a Comment