(LiveHacking.Com) – Adobe has suffered what it is calling a series of “sophisticated attacks” on its network, resulting in the theft of customer information as well as source code for numerous Adobe products including Adobe Acrobat.
It is currently thought that the attackers stole Adobe customer IDs and encrypted passwords as well as personal and financial information relating to 2.9 million of its customers. The data stolen includes customer names, encrypted credit or debit card numbers and expiration dates.
As a result of the breach, Adobe has reset all the relevant customer passwords and notified the customers whose credit or debit card information was taken. Adobe is also offering customers whose card information was taken the option of a one-year complimentary credit monitoring membership. Adobe has also notified the banks that process its customer payments and has contacted the relevant federal law enforcement agencies.
In what is being seen as a related incident, Adobe is investigating the unauthorized access of source code for Adobe Acrobat, ColdFusion and ColdFusion Builder. Brian Krebs, a former reporter for The Washington Post and renowned security expert, spotted a 40 GB source code dump stored on a server used by some known cyber criminals. The dump contained huge repositories of uncompiled and compiled code that appeared to be for ColdFusion and Adobe Acrobat. Krebs told Adobe about the source dump, and Adobe then revealed to Krebs that the company has been investigating a security breach into its networks since Sept. 17, 2013.
“We are in the early days of what we expect will be an extremely long and thorough response to this incident,” said Adobe’s Chief Security Officer Brad Arkin. “We’re still at the brainstorming phase to come up with ways to provide higher levels of assurance for the integrity of our products, and that’s going to be a key part of our response. We are looking at malware analysis and exploring the different digital assets we have. Right now the investigation is really into the trail of breadcrumbs of where the bad guys touched.”
Adobe isn’t aware of any zero-day exploits targeting any Adobe products. However, as always, it recommends that customers use only supported versions of its software and apply all available security updates.
In an unrelated announcement, Adobe confirmed it will be releasing critical security updates next Tuesday for Adobe Acrobat and Adobe Reader.