The company is expected to publish an official statement this afternoon outlining the broad points of its investigation so far.Īrkin said Adobe is still in the process of determining what source code for other products may have been accessed by the attackers, and conceded that Adobe Acrobat may have been among the products the bad guys touched. “We are in the early days of what we expect will be an extremely long and thorough response to this incident,” Arkin said. In an interview prior to sending out a news alert on the company’s findings, Adobe’s Chief Security Officer Brad Arkin said the information shared by this publication “helped steer our investigation in a new direction.” Arkin said the company has undertaken a rigorous review of the ColdFusion code shipped since the code archive was compromised, and that it is confident that the source code for ColdFusion code that shipped following the incident “maintained its integrity.” Nevertheless, the company said that later today it will begin the process of notifying affected customers - which include many Revel and Creative Cloudaccount users - via email that they need to reset their passwords. Adobe believes the attackers stole credit card and other data on approximately 2.9 million customers, and that the bad guys also accessed an as-yet-undetermined number of user names and passwords that customers use to access various parts of the Adobe customer network.ĬoldFusion source code repository found on hacker’s server.Īdobe said the credit card numbers were encrypted and that the company does not believe decrypted credit card numbers left its network. In an interview with this publication earlier today, Adobe confirmed that the company believes that hackers accessed a source code repository sometime in mid-August 2013, after breaking into a portion of Adobe’s network that handled credit card transactions for customers.
Today, Adobe responded with confirmation that it has been working on an investigation into a potentially broad-ranging breach into its networks since Sept. Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe. The hacking team’s server contained huge repositories of uncompiled and compiled code that appeared to be source code for ColdFusion and Adobe Acrobat. KrebsOnSecurity first became aware of the source code leak roughly one week ago, when this author - working in conjunction with fellow researcher Alex Holden, CISO of Hold Security LLC - discovered a massive 40 GB source code trove stashed on a server used by the same cyber criminals believed to have hacked into major data aggregators earlier this year, including LexisNexis, Dun & Bradstreet and Kroll. A screen shot of purloined source code stolen from Adobe, shared with the company by KrebsOnSec
0 kommentar(er)
