Adobe is currently investigating a massive data breach during which both customer information and source code belonging to various software programs containing intellectual property worth billions, The Guardian reported. The software programs impacted have been identified as Adobe Acrobat and ColdFusion.
"Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems," Brad Arkin, chief security officer at Adobe, said in a customer security announcement cited by Out-Law.com. "We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates and other information relating to customer orders."
Arkin went on to say that decrypted credit or debit card numbers in Adobe's systems were not compromised. As Adobe performs an internal investigation and cooperates with law enforcement, he said they regret the incident. The company encouraged customers to reset passwords and change passwords for other sites that may have shared the same password combination. Affected Adobe customers who may have had credit or debit card information compromised will be offered a yearlong credit monitoring service for free. In addition, Adobe is offering these customers training on how to protect against identity theft and the "potential misuse" of their financial information. The banks that process Adobe's customer transactions also said they would help monitor those accounts for fraud.
"Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident," Arkin said in a separate blog post on Adobe's site. "We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched or improperly configured deployments of Adobe products."
In a separate blog, Graham Cluley, an information security analyst, said no software company ever wants to have someone steal their source code. Cluley said that source code is what makes a technology company successful, and made the comparison of source code to "crown jewels."
The silver lining of this incident is customer's financial information was encrypted before the breach. In the coming weeks, Adobe will certainly be evaluating how its systems work as the company moves to make its network and industry data more secure.
Matt Cullina is chief executive officer of IDentity Theft 911.