Cyber Attacks on Adobe Jeopardize Customers and US Agencies
Bad news hit Adobe Systems earlier this month. Chief security officer Brad Arkin writes that the San Jose-based software company suffered some serious cyber attacks on its network, resulting in “illegal access of customer information as well as source code for numerous Adobe products.”
So if you use one of the many Adobe products out there, such as Photoshop or Acrobat, now is the time to reset your passwords.
Arkin writes that 2.9 million customers may be affected, with their names, encrypted credit or debit card numbers, and “other information relating to customer orders” possibly compromised.
According to Ars Technica, security reporter Brian Krebs’s investigations into recent hackings of LexisNexis led Krebs to discover that the same offenders who infiltrated the Dayton, Ohio-based research giant, whose services are used by legal professionals and journalists alike, also stole from Adobe.
Krebs reportedly “happened upon a 40 gigabyte trove of source code, much of it belonging to Adobe.”
Ars Technica quotes a statement issued by Hold Security, which assisted in Krebs’s investigation. The statement warns:
This breach poses a serious concern to countless businesses and individuals. While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for a new generation of viruses, malware, and exploits.
Unfortunately for Adobe, this recent security breach has cast some doubts on the company’s forays into using a software as a service (SaaS) business model. An opinion piece on NetworkWorld by Alan Shimel, cofounder and managing partner at The CISO Group, expresses his concern that the hacks into customer accounts can lessen the trust customers must have in a company that bills them monthly for continued access to its products.
Shimel writes, “It is a very difficult proposition for a vendor, even one as well-known as Adobe, to move to a subscription SaaS model if customers can't trust the company to keep their information safe.”
And it’s not only Adobe and its customers that are affected. The Wall Street Journal details how the US government might feel the pain from the leaked Adobe source code of Acrobat, ColdFusion, and ColdFusion Builder.
The business paper talked to Randal Rioux, the principal security strategist of data analysis company Splunk Inc., who said that “at least 11 U.S. government agencies including the Department of Defense, the National Security Agency and the Department of Energy use Adobe ColdFusion software on publicly-accessible systems.”
Rioux, who has worked at many different government agencies as both an employee and a contractor, tells The Wall Street Journal:
The Adobe breach comes at a bad time for the U.S. government with the shutdown. The source code leak combined with the lack of personnel overseeing government websites gives hackers a window of opportunity.