
Oct 4, 2013

Adobe loses 2.9 mil customer records, source code

by Byron Acohido

Adobe has become the latest big-name data breach victim.

The company that mainstreamed desktop publishing admitted in a statement that hackers gained unauthorized access to 2.9 million customer accounts and stole part of the source code for at least two major consumer-facing products.

"The Adobe breach shows that everyone is fair game," says Eduard Goodman, chief privacy officer at risk management firm IDentity Theft 911. "The hackers went in and stole private consumer information in the form of card information, even if it was encrypted, and they stole intellectual property. Those are two valuable assets."

This news was flushed out by Brian Krebs, author of the cybersecurity blog, krebsonsecurity.com.

Krebs last week disclosed similar breaches at data aggregator LexisNexis, Kroll Background America and Dun & Bradstreet. These scoops are the result of analysis Krebs has been doing with Alex Holden, CISO of Hold Security LLC, of a massive trove of data found on a server used by cybercriminals.

Krebs and Holden found that the crooks stored what appeared to be source code for Adobe Acrobat and Adobe ColdFusion, a web app development tool.

This could rank as one of the more devastating attacks against a tech giant. Adobe touches every personal computing device that uses its Acrobat document reader to open PDF files, and every app developer using Adobe ColdFusion to design the next hit web app.

It's a safe bet that the bad guys are hard at work devising novel ways to corrupt media and services that spin out of those widely used Adobe products. Their likely end game: innovate new ways to take control of computing devices and sneak deep inside corporate networks.

Aaron Titus, the chief privacy officer at Identity Finder, credits Adobe for at least encrypting customers' information, unlike Sony, which infamously lost unencrypted payment card data for 77 million PlayStation Network and 25 million Sony Online Entertainment subscribers to the Anonymous hacking collective in 2011.

"The far more worrying story is that hackers apparently have obtained 40 gigabytes of Adobe source code, which may include Adobe's most popular products, Adobe Acrobat and ColdFusion," says Titus. "Security professionals in organizations around the world should be on high alert for an increase in Acrobat-related attacks as hackers analyze the code for possible zero-day exploits."

Adobe has been a prime target of hackers for the past two years. Both good guy and bad guy researchers have been uncovering a string of zero-day security holes, forcing the company to issue patches.

"These are valuable assets," Goodman says. "It just goes to show that it doesn't matter who you are. Everyone is targeted. Hackers are always going to find the weak link."

In a blog post, Brad Arkin, chief security officer of Adobe, said: "Very recently, Adobe's security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related.

"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We're working diligently internally, as well as with external partners and law enforcement, to address the incident."

Courtesy: USA Today


Oct 3, 2013

Adobe source code and customer data stolen in sustained network hack

Theft could give hackers a new way to exploit widely used Acrobat, ColdFusion apps. 

Adobe said it suffered a sustained compromise of its corporate network, allowing hackers to illegally access source code for several of its widely used software applications as well as password data and other sensitive information belonging to almost three million customers.

Adobe dropped the bombshell revelation shortly after KrebsonSecurity's Brian Krebs reported that the hack began sometime in mid-August and was carried out by the same criminals who breached LexisNexis and other major US data brokers. In the course of investigating the earlier intrusions, Krebs said he happened upon a 40 gigabyte trove of source code, much of it belonging to Adobe. Adobe confirmed its ColdFusion Web application software and its Acrobat document program were among those that were stolen.

A new generation of exploits

The Acrobat software family, which is intimately linked to the nearly ubiquitous Reader application, has long been a favorite target of malware developers looking for ways to sneak their malicious wares onto people's computers. The specter of hackers having full access to the raw source code of those applications is troubling, because it could make it easier to identify bugs that can be surreptitiously exploited in drive-by website attacks.

"This breach poses a serious concern to countless businesses and individuals," a statement issued by Hold Security, which assisted in Krebs's investigation, warned. "While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for a new generation of viruses, malware, and exploits."

Adobe Chief Security Officer Brad Arkin said officials aren't aware of any unpatched vulnerabilities being targeted in any of the company's products. "However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice of the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide," he added. He thanked Krebs and Alex Holden of Hold Security for their help in responding to the intrusion.

Krebs said Adobe engineers are still in the process of checking on the integrity of its source code. The investigation includes looking for "anomalous check-in activity on its code repositories," which could indicate the intruders were able to introduce backdoors or security bugs or otherwise tamper with the underlying applications.

"We are looking at malware analysis and exploring the different digital assets we have," Arkin told Krebs. "Right now the investigation is really into the trail of breadcrumbs of where the bad guys touched."

In an advisory, Arkin said attackers removed information for 2.9 million customers from company computers. That data included customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to orders. Attackers also accessed customer IDs and "encrypted" (by which Adobe probably means cryptographically hashed) passwords. Customer passwords will be reset, and Arkin recommended customers change passwords on other sites if they matched those used in their Adobe accounts. Arkin said company employees have notified banks that process customer payments so they can work with payment card companies and card-issuing banks to protect customer accounts.

Krebs said that one of the related intrusions he uncovered—into the network of the National White Collar Crime Center—appears to have been initiated by exploiting weaknesses in Adobe's ColdFusion product. While Adobe plugged all known security holes in the product a few months ago, many networks run outdated versions that expose the users to serious hacks. "This indeed may have also been the vector that attackers used to infiltrate Adobe's own networks," Krebs said.
Courtesy: arstechnica

