Security Awareness Training Blog

    Inside The Adobe Databreach Disaster

    Adobe Hack Screenshot resized 600

    Last week Adobe announced probably the worst news ever for a tech company. Both their source code and customer lists had been stolen. EPIC FAIL!

    An excerpt from the email that was sent to customers: "We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. Please visit www.adobe.com/go/passwordreset to create a new password."

    "We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.

    Source code for ColdFusion and possibly its Acrobat family of products were stolen. MAJOR OUCH. What adds insult to injury is that this was discovered by investigative reporter Brian Krebs working together with researcher Alex Holden at Hold Security. They discovered a veritable treasure trove of 40 GB source code stashed on a server used by the same cyber mafia that hacked into Lexis-Nexis, Dunn & Bradstreet and Kroll. This must have been one sophisticated gang.

    The attackers likely got in by exploiting some type of out-of-date software; potentially Adobe's own ColdFusion website hosting code. If you run ColdFusion, the safest thing to do is assume your website has been compromised, and fire up your detection and remedy procedures. The whole horror story is at Brian Krebs' site. Hope and pray this does not happen to you, so make sure you update your public facing code religiously! More at:
    http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

    And here is a comic that is highly ironic since Adobe seems to have not updated its own software:
    http://xkcd.com/1197/

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, Spear Phishing, Security Awareness Training, Cybercrime

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews