Last week Adobe announced probably the worst news ever for a tech company. Both their source code and customer lists had been stolen. EPIC FAIL!
An excerpt from the email that was sent to customers: "We recently discovered that attackers illegally entered our network. The attackers may have obtained access to your Adobe ID and encrypted password. If you have placed an order with us, information such as your name, encrypted payment card number, and card expiration date also may have been accessed. Please visit www.adobe.com/go/passwordreset to create a new password."
"We also recommend that you monitor your account for incidents of fraud and identity theft, including regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your account or suspect identity theft or fraud, you should report it immediately to your bank. You will be receiving a letter from us shortly that provides more information on this matter.
Source code for ColdFusion and possibly its Acrobat family of products were stolen. MAJOR OUCH. What adds insult to injury is that this was discovered by investigative reporter Brian Krebs working together with researcher Alex Holden at Hold Security. They discovered a veritable treasure trove of 40 GB source code stashed on a server used by the same cyber mafia that hacked into Lexis-Nexis, Dunn & Bradstreet and Kroll. This must have been one sophisticated gang.
The attackers likely got in by exploiting some type of out-of-date software; potentially Adobe's own ColdFusion website hosting code. If you run ColdFusion, the safest thing to do is assume your website has been compromised, and fire up your detection and remedy procedures. The whole horror story is at Brian Krebs' site. Hope and pray this does not happen to you, so make sure you update your public facing code religiously! More at:
http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/
And here is a comic that is highly ironic since Adobe seems to have not updated its own software:
http://xkcd.com/1197/