Adobe has admitted that over 3 million of its customer accounts have been hacked and customer names, encrypted credit or debit card numbers, and expiration dates have been pinched.
The company said that it was the target of a major security hack in which sensitive and personal data about millions of its customers have been put at risk.
Writing in his blog, Brad Arkin, senior director of security for Adobe products and services, said that the hack involved the theft of customer information and illegal access to source code for “numerous Adobe products”.
Source code for Acrobat, ColdFusion, and the ColdFusion Builder was lifted, although Adobe claimed that there was no “increased risk to customers as a result of this incident”.
Perhaps more importantly, the hackers have nicked a huge number of Adobe customer IDs and encrypted passwords.
Investigators don’t “believe the attackers removed decrypted credit or debit card numbers” from Adobe’s systems.
Adobe is resetting the passwords on breached Adobe customer IDs, and users will receive an email telling them they might be affected. The software giant is also notifying customers whose credit or debit card information was taken, Arkin said.
Adobe will offer these customers an option of enrolling in a one-year complimentary credit monitoring membership.
Commenting on the news, Peter Armstrong, director of cyber security at Thales UK, said organisations are “either not taking cyber security seriously or are still unsure about how to tackle the problem”.
“Companies need to ensure they’re protecting all of their assets, and that includes people, places and information,” Armstrong said. “Security threats present themselves in a number of forms, and these increase by the day, if not hour, minute or second. For example, an employee could pose an internal threat through malicious intent or unintentional ignorance.
“Regulation in this case is a necessity to alter corporate behaviour,” Armstrong said. “Once the full extent of the cyber threat is uncovered, greater collaboration on cyber issues should lead to an improvement in cyber awareness and cyber standards”.