It’s becoming more and more common these days that large technology companies are finding themselves the victims of hacking. The latest unfortunate casualty is Adobe and their Creative Cloud subscription model. But what’s embarrassing and damaging for Adobe has the potential to be just as damaging for their millions of customers.
image source: Veysoft
Adobe has been attracting the attention of cyber-criminals for some time now, who are drawn to the amount of customer’s information contained on their cloud servers. Including customer’s names, encrypted debit and credit card details (including expiry dates) and other sensitive information. Overall, 2.9 million people may have had their information stolen. As well as this shocking breach – valuable source code for a number of Adobe products has also been stolen.
Chief Security Officer for Adobe Brad Arkin released a statement on the Adobe.com blogs section on October, 3rd which may cause some of their customers to have sleepless nights for some time to come:
“We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates… We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”
He then when on to outline what steps Adobe are taking to address the problem; including recommending all of their customers change their passwords. As well as changing their password for other websites if they’ve used it elsewhere.
Adobe claim they are notifying all customers whose credit card information may have been stolen in the incident. They are also offering these customers a year’s free enrolment in a credit monitoring service to help head-off any issues that may arise from the data breach.
They have also notified their customer’s banks and payment card companies to help protect their accounts from theft and to let them know there may be a problem. This includes any financial institution that’s processed an Adobe payment.
As well as the above, they’ve contacted U.S federal law enforcement and are providing details to help assist in the investigation on a continuing basis.
Though the stolen source code problem should not be an issue for Adobe’s customers, it may be a very serious breach for Adobe themselves. Software companies often go to great lengths to avoid their source code falling into the wrong hands. Not only could this information be sold on the black market, it could also aid in the piracy of Adobe’s existing and even future products. Rivals also jealously covet each other’s source code data.
The fallout from the breach is not just contained to Adobe; it also appears to effect others. LexisNexis and the PR Newswire online news wire service have also been effected. IT-sec firm Hold Security have confirmed that the information used to breach the PR Newswire service was contained on the same server where the Adobe source code information was stored.
So there may be more companies to come who’ve fallen victim to this group of hackers. Disguised as an image, the details of PR Newswire’s users was contained on a well-known hacker’s repo”.
This image was posted on the repository in advance of the Adobe attack.
This is the latest of several security breaches concerning cloud computing and online storage.
In addition to this breach; Sony, IMF, Codemasters, Gmail and others have all been hacked. This latest revelation threatens to derail cloud computing. For many people, one of the main attraction for cloud storage was that they could safely store crucial information online as a backup in the event that their PC had to be reformatted or replaced. This is increasingly turning out not to be the case.
As customers of even the largest, most competent tech companies will have to seriously start to consider what information they hand over to these companies, or what information they leave in their clouds. If you’re one of the 2.9 million people who may be adversely effected by this hack, then you may be very wary of trusting your details to any online company ever again, let alone voluntarily storing sensitive information in a cloud that you may have previously stored on your own PC.
Given that many of these companies are tech leviathans that hire many professional security consultants; Including those who’ve word for the security services and also ex-black-hat hackers, it may be that no-one is really safe from cyber attacks. It could also mean that cloud storage is not viable in its existing form. And for the technology to become useful for storing anything other than trivial information, the model will need to be changed.
In fact, even companies who specialize in cyber-security have found themselves the victims of attacks, as happened with the notorious attack on HBGary, in which emails and other sensitive information was stolen. One of the biggest problems that effects tech companies, is that they often cooperate with other companies on security matters.
If one company is the victim of a successful attack, the information recovered in the attack can then be used to attack other companies, as the Adobe, LexisNexis and PR Newswire hacks show. A weak link in the chain falling victim to an attack can have a knock-on effect for the entire tech industry.
If you were one of the Adobe customers who may have had their details stolen, you should not panic. The advice given by Adobe and the steps they have taken to mitigate the damage may be enough to thwart any mass-theft or fraud. You should simply follow their advice and if possible, take the additional step of obtaining a replacement debit or credit card just to be on the safe side.
If you follow these steps there’s little that can be done with the stolen data that could harm you. The biggest casualties of this latest Adobe Creative Cloud hack are not the customers, but Adobe themselves.
They will be dealing with the consequences of this incident and the damage to their reputation for long time to come. With their source code taken, they may be losing the battle on piracy of their software for years to come.