Adobe Systems Inc. is reporting one of its servers has been hacked, with attackers getting a look at the customer IDs and encrypted passwords of as many as 2.9 million users.
In a blog post, Adobe chief security officer Brad Arkin said the hackers managed to get information on customer names, encrypted credit or debit card numbers, expiration dates, and other customer order information. However, Adobe says it doubts the hackers managed to get hold of any decrypted debit or credit card numbers.
The company added that it would reset its customers’ passwords and send them an email notification explaining how to change their passwords. It is also notifying customers whose credit or debit card information may have been exposed, sending a notification letter that describes possible ways to protect themselves. Adobe is also offering these customers a free one-year credit monitoring membership.
In a separate blog post, Adobe had this to say:
“We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.”
So while Adobe seems to be working on damage control and locking down its systems, Greg Kumparak of TechCrunch writes that the hackers probably got their hands on the source code for Adobe Acrobat, ColdFusion, and ColdFusion Builder. And once you have an application’s source code, Kumparak says, it becomes a lot easier to find loopholes in the application and to exploit them. That could spell further trouble down the line if the attackers find a way to access not just these customers’ data, but that of the millions of other people who use Adobe Acrobat worldwide.