Add this one to the list of major hacks in 2013
In early October software maker Adobe was hit by hackers, who reportedly stole some 3 million encrypted customer credit card records, along with login data. Now, the real story is coming out, and the damage is FAR higher than was believed. KrebsonSecurity broke the story:
In a breach first announced on this blog Oct. 3, 2013, Adobe said hackers had stolen nearly 3 million encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts.
At the time, a massive trove of stolen Adobe account data viewed by KrebsOnSecurity indicated that — in addition to the credit card records – tens of millions of user accounts across various Adobe online properties may have been compromised in the break-in. It was difficult to fully examine many of the files on the hackers’ server that housed the stolen source because many of the directories were password protected, and Adobe was reluctant to speculate on the number of users potentially impacted.
But just this past weekend, AnonNews.org posted a huge file called “users.tar.gz” that appears to include more than 150 million username and hashed password pairs taken from Adobe.
An Adobe spokesperson had this to say:
“So far, our investigation has confirmed that the attackers obtained access to Adobe IDs and (what were at the time valid), encrypted passwords for approximately 38 million active users,” Edell said. “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident—regardless of whether those users are active or not.”
Now, not only did this hack put Adobe customer’s information at risk, but it also was a huge hit to the core of its business as the hackers stole source code for its proprietary programs Acrobat, Reader and possibly Photoshop. In other words, the hackers are now able to perfectly replicate the software Adobe sells on their own, an act akin to breaking into the KFC vault and stealing the Colonel’s secret recipe.
To those of you who don’t think you need to worry about hacks or online attacks as part of your crisis management planning, we ask – do you have ANYTHING on your computers you don’t want criminals, or your competition to see? If the answer is yes, then you’re quite literally putting your business on the line by refusing to take precautions.
The BCM Blogging Team
https://www.bernsteincrisismanagement.com